Updated:  August 20, 2004

Status

Affected

Vendor Statement

Several bugs have been found in the ISAKMP daemon which can lead to memory leaks and a remote denial of service condition. An attacker can craft malformed payloads that can cause the isakmpd(8) process to stop processing requests. The problem is fixed in -current, 3.4-stable and 3.3-stable. Patches are available at: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/015_isakmpd2.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.