OpenBSD isakmpd contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the Internet Key Exchange (IKE) daemon does not apply payload encryption and the initiator also does not apply payload encryption during a Phase 2 exchange, also known as a Quick Mode exchange. This discloses encryption keys, resulting in a loss of confidentiality.
Classification
Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Solution
Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: download message.c version 1.62 or higher from the OpenBSD CVS repository and rebuild isakmpd.
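
A header-level check for the unencrypted Quick Mode condition in the description, as an added example (not isakmpd code and not the message.c fix). It reads the exchange-type and flags octets of the RFC 2408 ISAKMP header; the function names, verdict enum and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN    28    /* fixed ISAKMP header size (RFC 2408) */
#define ISAKMP_EXCH_QUICK 32    /* exchange type: IKE Quick Mode (RFC 2409) */
#define ISAKMP_FLAG_ENC   0x01  /* Encryption bit in the flags octet */

enum qm_verdict { QM_MALFORMED = -1, QM_OTHER_EXCHANGE, QM_ENCRYPTED, QM_CLEARTEXT };

/* Classify one ISAKMP message (UDP payload, port 500) from its header only. */
enum qm_verdict classify_isakmp(const uint8_t *buf, size_t len)
{
    uint32_t declared;
    if (buf == NULL || len < ISAKMP_HDR_LEN)
        return QM_MALFORMED;
    /* Big-endian length at offset 24 covers header plus payloads. */
    declared = ((uint32_t)buf[24] << 24) | ((uint32_t)buf[25] << 16) |
               ((uint32_t)buf[26] << 8) | (uint32_t)buf[27];
    if (declared < ISAKMP_HDR_LEN || declared > len)
        return QM_MALFORMED;
    if (buf[18] != ISAKMP_EXCH_QUICK)       /* exchange type octet */
        return QM_OTHER_EXCHANGE;
    return (buf[19] & ISAKMP_FLAG_ENC) ? QM_ENCRYPTED : QM_CLEARTEXT;
}

/* Constructed sample: a bare 28-byte header with placeholder cookies. */
void make_sample(uint8_t out[ISAKMP_HDR_LEN], uint8_t exch, uint8_t flags)
{
    memset(out, 0, ISAKMP_HDR_LEN);
    memset(out, 0x11, 8);        /* initiator cookie (placeholder) */
    memset(out + 8, 0x22, 8);    /* responder cookie (placeholder) */
    out[16] = 8;                 /* next payload: HASH */
    out[17] = 0x10;              /* version 1.0 */
    out[18] = exch;
    out[19] = flags;
    out[27] = ISAKMP_HDR_LEN;    /* length field */
}

int main(void)
{
    uint8_t pkt[ISAKMP_HDR_LEN];
    make_sample(pkt, ISAKMP_EXCH_QUICK, 0x00);
    printf("quick mode, no E bit: %d\n", classify_isakmp(pkt, sizeof pkt));
    make_sample(pkt, ISAKMP_EXCH_QUICK, ISAKMP_FLAG_ENC);
    printf("quick mode, E bit:    %d\n", classify_isakmp(pkt, sizeof pkt));
    return 0;
}
```

A `QM_CLEARTEXT` verdict marks the message a receiver or network sensor would drop or alert on.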