Vulnerability Name: CVE-2004-0403 (CCN-15893)
Assigned: 2004-03-31
Published: 2004-03-31
Updated: 2017-10-11
Summary: Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN Type: SCO Security Advisory SCOSA-2005.10
Source: SCO Type: UNKNOWN SCOSA-2005.10
Source: SGI Type: UNKNOWN 20040506-01-U
Source: MITRE Type: CNA CVE-2004-0392
Source: MITRE Type: CNA CVE-2004-0403
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:971 Fixes for ipsec-tools
Source: APPLE Type: UNKNOWN APPLE-SA-2004-05-03
Source: CCN Type: RHSA-2004-165 ipsec-tools security update
Source: CCN Type: SA11410 KAME Racoon ISAKMP Header Length Field Denial of Service
Source: SECUNIA Type: UNKNOWN 11410
Source: CCN Type: SA11877 IPsec-Tools Denial of Service and Certificate Validation Vulnerabilities
Source: SECUNIA Type: UNKNOWN 11877
Source: GENTOO Type: UNKNOWN GLSA-200404-17
Source: CCN Type: SECTRACK ID: 1009937 Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values
Source: SECTRACK Type: UNKNOWN 1009937
Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=232288
Source: CCN Type: GLSA-200404-17 ipsec-tools and iputils contain a remote DoS vulnerability
Source: CCN Type: Racoon Web page Racoon
Source: CCN Type: Racoon ChangeLog Web page RCS file: /cvsroot/kame/kame/kame/kame/racoon/isakmp.c,v
Source: CONFIRM Type: Exploit http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181
Source: CCN Type: GLSA 200404-17 ipsec-tools and iputils contain a remote DoS vulnerability
Source: MANDRAKE Type: UNKNOWN MDKSA-2004:069
Source: OSVDB Type: UNKNOWN 5491
Source: CCN Type: OSVDB ID: 5491 KAME Racoon ISAKMP Header Length DoS
Source: CCN Type: OSVDB ID: 5893 KAME Racoon IKE Header DoS
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:165
Source: BID Type: UNKNOWN 10172
Source: CCN Type: BID-10172 KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability
Source: CCN Type: BID-10296 KAME Racoon Remote IKE Message Denial Of Service Vulnerability
Source: CCN Type: FreeBSD VuXML Web page racoon remote denial of service vulnerability (ISAKMP header length field)
Source: CONFIRM Type: Vendor Advisory http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html
Source: XF Type: UNKNOWN racoon-isakmp-dos(15893)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11220
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:984
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: