Vulnerabilities > CVE-2005-0398 - Denial of Service vulnerability in KAME Racoon Malformed ISAKMP Packet Headers

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2005-03-14

Updated: 2017-10-11

Summary

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

Vulnerable Configurations

Part	Description	Count
Application	Ipsec-Tools Ipsec Tools Ipsec Tools 0.3.3 Ipsec Tools Ipsec Tools 0.5	2
Application	Kame Kame Racoon 2003-07-11 Kame Racoon 2004-04-05 Kame Racoon 2004-04-07B Kame Racoon 2004-05-03 Kame Racoon 2005-01-03 Kame Racoon 2005-01-10 Kame Racoon 2005-01-17 Kame Racoon 2005-01-24 Kame Racoon 2005-01-31 Kame Racoon 2005-02-07 Kame Racoon 2005-02-14 Kame Racoon 2005-02-21 Kame Racoon 2005-02-28 Kame Racoon 2005-03-07	14
Application	Sgi SGI Propack 3.0	1
OS	Altlinux Altlinux ALT Linux 2.3	2
OS	Redhat Redhat Enterprise Linux 3.0 Redhat Enterprise Linux 4.0 Redhat Enterprise Linux Desktop 3.0 Redhat Enterprise Linux Desktop 4.0	8
OS	Suse Suse Suse Linux * Suse Suse Linux 9.1 Suse Suse Linux 9.2	6

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2005_020.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2005:020 (ipsec-tools). Racoon is a ISAKMP key management daemon used in IPsec setups. Sebastian Krahmer of the SUSE Security Team audited the daemon and found that it handles certain ISAKMP messages in a slightly wrong way, so that remote attackers can crash it via malformed ISAKMP packages. This update fixes this problem. This is tracked by the Mitre CVE ID CVE-2005-0398.
last seen	2020-06-01
modified	2020-06-02
plugin id	17671
published	2005-04-01
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17671
title	SUSE-SA:2005:020: ipsec-tools

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-216.NASL
description	This update fixes a potential DoS in parsing ISAKMP headers in racoon. (CVE-2005-0398) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	18314
published	2005-05-19
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18314
title	Fedora Core 2 : ipsec-tools-0.5-2.fc2 (2005-216)

NASL family	Denial of Service
NASL id	RACOON_ISAKMP_DOS.NASL
description	The remote IPSEC server seems to have a problem negotiating malformed ISAKMP packets. An attacker may use this flaw to crash the remote host repeatedly and disable your VPN remotely.
last seen	2020-06-01
modified	2020-06-02
plugin id	17655
published	2005-03-30
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17655
title	ipsec-tools KAME racoon Daemon ISAKMP Header Parsing Remote DoS

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-232.NASL
description	An updated ipsec-tools package that fixes a bug in parsing of ISAKMP headers is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel. The ipsec-tools package includes : - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon A bug was found in the way the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0398 to this issue. Additionally, the following issues have been fixed: - racoon mishandled restarts in the presence of stale administration sockets. - on Red Hat Enterprise Linux 4, racoon and setkey did not properly set up forward policies, which prevented tunnels from working. Users of ipsec-tools should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	17622
published	2005-03-25
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17622
title	RHEL 3 / 4 : ipsec-tools (RHSA-2005:232)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_3B260179E464460DBF9FD5CDA6204020.NASL
description	Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack.
last seen	2020-06-01
modified	2020-06-02
plugin id	18903
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18903
title	FreeBSD : racoon -- remote denial-of-service (3b260179-e464-460d-bf9f-d5cda6204020)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-107-1.NASL
description	Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number of the package in order to support an update to the
last seen	2020-06-01
modified	2020-06-02
plugin id	20493
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20493
title	Ubuntu 4.10 : ipsec-tools vulnerability (USN-107-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-062.NASL
description	A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	17668
published	2005-04-01
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17668
title	Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2005:062)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-217.NASL
description	This update fixes a potential DoS in parsing ISAKMP headers in racoon. (CVE-2005-0398) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19627
published	2005-09-12
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19627
title	Fedora Core 3 : ipsec-tools-0.5-2.fc3 (2005-217)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200503-33.NASL
description	The remote host is affected by the vulnerability described in GLSA-200503-33 (IPsec-Tools: racoon Denial of Service) Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing code of racoon. Impact : An attacker could possibly cause a Denial of Service of racoon using a specially crafted ISAKMP packet. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	17642
published	2005-03-29
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17642
title	GLSA-200503-33 : IPsec-Tools: racoon Denial of Service

Oval

accepted

2013-04-29T04:00:37.776-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

family

unix

oval:org.mitre.oval:def:10028

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

version

Redhat

advisories

rhsa

id	RHSA-2005:232

rpms

ipsec-tools-0:0.2.5-0.7
ipsec-tools-0:0.3.3-6
ipsec-tools-debuginfo-0:0.2.5-0.7
ipsec-tools-debuginfo-0:0.3.3-6

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References