ID de Prueba:	1.3.6.1.4.1.25623.1.0.52399
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: isakmpd
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: isakmpd CVE-2004-0218 isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVE-2004-0219 isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVE-2004-0220 isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via a an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, , as demonstrated by the Striker ISAKMP Protocol Test Suite. CVE-2004-0221 isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVE-2004-0222 Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. Solution: Update your system with the appropriate patches or software upgrades. http://www.rapid7.com/advisories/R7-0018.html http://www.openbsd.org/errata34.html http://www.vuxml.org/freebsd/b7cb488c-8349-11d8-a41f-0020ed76ef5a.html CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0218 BugTraq ID: 10028 http://www.securityfocus.com/bid/10028 Bugtraq: 20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108008530028019&w=2 CERT/CC vulnerability note: VU#349113 http://www.kb.cert.org/vuls/id/349113 http://www.rapid7.com/advisories/R7-0018.html OpenBSD Security Advisory: 20040317 015: RELIABILITY FIX: March 17, 2004 http://www.openbsd.org/errata.html http://www.securitytracker.com/alerts/2004/Mar/1009468.html http://secunia.com/advisories/11156 XForce ISS Database: openbsd-isakmp-zerolength-dos(15518) https://exchange.xforce.ibmcloud.com/vulnerabilities/15518 Common Vulnerability Exposure (CVE) ID: CVE-2004-0219 BugTraq ID: 9907 http://www.securityfocus.com/bid/9907 CERT/CC vulnerability note: VU#785945 http://www.kb.cert.org/vuls/id/785945 XForce ISS Database: openbsd-isakmp-ipsec-dos(15628) https://exchange.xforce.ibmcloud.com/vulnerabilities/15628 Common Vulnerability Exposure (CVE) ID: CVE-2004-0220 CERT/CC vulnerability note: VU#223273 http://www.kb.cert.org/vuls/id/223273 XForce ISS Database: openbsd-isakmp-integer-underflow(15629) https://exchange.xforce.ibmcloud.com/vulnerabilities/15629 Common Vulnerability Exposure (CVE) ID: CVE-2004-0221 CERT/CC vulnerability note: VU#524497 http://www.kb.cert.org/vuls/id/524497 XForce ISS Database: openbsd-isakmp-delete-dos(15630) https://exchange.xforce.ibmcloud.com/vulnerabilities/15630 Common Vulnerability Exposure (CVE) ID: CVE-2004-0222 BugTraq ID: 10032 http://www.securityfocus.com/bid/10032 CERT/CC vulnerability note: VU#996177 http://www.kb.cert.org/vuls/id/996177 XForce ISS Database: openbsd-isakmp-memory-leak(15519) https://exchange.xforce.ibmcloud.com/vulnerabilities/15519
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.