Racoon contains a flaw that may allow a malicious user to cause a Denial of Service. The issue is triggered when when Racoon receives a delete message containing the initiator cookie of a main/aggressive/base mode that has not yet setup an ISAKMP security association. It is possible that the flaw may allow a DoS resulting in a loss of availability.
Classification
Unknown or Incomplete
Technical
All versions of KAME Racoon released prior to January 13, 2004 are vulnerable.
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, KAME has released a patch to address this vulnerability.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.