Intrusion Prevention

KAME.Racoon.Unauthorized.IPSec.SA.Deletion

Description

This indicates an attempt to exploit a vulnerability in the KAME IKE daemon (Racoon).
The KAME IKE daemon (Racoon) does not properly handle hash values. This allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

Affected Products

All versions of Racoon are affected.

Impact

System compromise: unauthorized deletion of IPSec SA.

Recommended Actions

Currently, we are not aware of any vendor-supplied patch for this issue.

CVE References

CVE-2004-0164