GEN:SID | 1:2413 |
Message | EXPLOIT ISAKMP delete hash with empty hash attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the handling of ISAKMP data and SA keys.
|
Impact | Serious
|
Detailed Information | The Internet Security Association and Key Management Protocol (ISAKMP) is used as a framework for an authentication method between peers using secure keys.
ISAKMP is a framework for authentication using cryptographic keys. It specifically defines the process of key exchange as opposed to the generation of a cryptographic key.
ISAKMP also details the procedures for the required security associations in network security services.
|
Affected Systems | Kame Racoon
|
Attack Scenarios | The attacker may attempt to delete keys and security associations in hosts running the KAME IKE Daemon.
|
Ease of Attack | Simple
|
Corrective Action | Apply the appropriate vendor supplied patches
|
Additional References | ISAKMP: http://www.networksorcery.com/enp/protocol/isakmp.htm
RFC: http://www.ietf.org/rfc/rfc2407.txt http://www.ietf.org/rfc/rfc2408.txt
IANA: http://www.iana.org/assignments/isakmp-registry
|
Rule References | bugtraq: 9416
bugtraq: 9417
cve: 2004-0164
|