CVE-2004-0218

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=108008530028019&w=2
http://secunia.com/advisories/11156
http://www.kb.cert.org/vuls/id/349113	US Government Resource
http://www.openbsd.org/errata.html	Patch
http://www.rapid7.com/advisories/R7-0018.html
http://www.securityfocus.com/bid/10028
http://www.securitytracker.com/alerts/2004/Mar/1009468.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15518

Configurations

Configuration 1 (hide)

cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-05-04 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0218

Mitre link : CVE-2004-0218

CVE.ORG link : CVE-2004-0218

JSON object : View

Products Affected

openbsd

openbsd

CWE

NVD-CWE-Other

{"id": "CVE-2004-0218", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-05-04T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108008530028019&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/11156", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/349113", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.openbsd.org/errata.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.rapid7.com/advisories/R7-0018.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10028", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15518", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite."}, {"lang": "es", "value": "isakmpd en OpenBSD 3.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) mediante un paquete ISAKMP con una carga \u00fatil de logitud cero, como se ha demostrado por la Suite de pruebas de protocolos ISAKMP Striker."}], "lastModified": "2017-07-11T01:29:58.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5DFD8FE-5B7A-4A71-B9C8-BF7E9F0F7DB9", "versionEndIncluding": "3.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}