OSVDB ID: 7257

Title: OpenBSD isakmpd Quick Mode Initiator Responder Payload Encryption Failure

Info

Disclosure

Nov 02, 2003

Discovery

Unknown

Dates

Exploit

Nov 02, 2003

Solution

Unknown

Description

OpenBSD isakmpd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the Internet Key Exchange (IKE) daemon does not apply payload encryption and the initiator itself also does not apply payload encryption during a Phase 2 exchange, also known as a Quick Mode exchange. This will disclose encryption keys resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Impact: Loss of Confidentiality
Exploit: Exploit Public

Solution

Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: download message.c version 1.62 or higher from the OpenBSD CVS repository and rebuild isakmpd.

Products

OpenBSD

OpenBSD

3.0
3.1
3.2
3.3
3.4

References

Credit

  • Thomas Walpuski - thomasthinknerd.de -


Direct URL: http://osvdb.org/7257