| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Kame Racoon All Versions. It has been declared as problematic. Affected is an unknown function of the file isakmp.c. The manipulation results in improper authentication. This vulnerability is identified as CVE-2004-0164. Additionally, an exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Kame Racoon All Versions. Affected is some unknown processing of the file isakmp.c. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on integrity. CVE summarizes:
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
The bug was discovered 12/31/2003. The weakness was released 03/03/2004 by Thomas Walpuski as not defined posting (Bugtraq). The advisory is shared for download at marc.theaimsgroup.com. This vulnerability is traded as CVE-2004-0164. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.
A public exploit has been developed in ANSI C. The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 63 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 38002 (FreeBSD : racoon security association deletion vulnerability (739bb51d-7e82-11d8-9645-0020ed76ef5a)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks and running in the context l.
Upgrading eliminates this vulnerability. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 2413.
The vulnerability is also documented in the databases at X-Force (14118), Exploit-DB (23540), Tenable (38002), SecurityFocus (BID 9417†) and OSVDB (3495†). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 38002
Nessus Name: FreeBSD : racoon security association deletion vulnerability (739bb51d-7e82-11d8-9645-0020ed76ef5a)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 52492
OpenVAS Name: FreeBSD Ports: racoon
OpenVAS File: 🔍
OpenVAS Family: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Snort ID: 2413
Snort Message: SERVER-OTHER ISAKMP delete hash with empty hash attempt
Snort Class: 🔍
Suricata ID: 2102413
Suricata Class: 🔍
Suricata Message: 🔍
SourceFire IPS: 🔍
PaloAlto IPS: 🔍
Timeline
12/31/2003 🔍12/31/2003 🔍
01/14/2004 🔍
03/03/2004 🔍
03/03/2004 🔍
03/25/2004 🔍
03/11/2007 🔍
04/23/2009 🔍
10/15/2014 🔍
09/28/2024 🔍
Sources
Advisory: marc.theaimsgroup.comResearcher: Thomas Walpuski
Status: Not defined
CVE: CVE-2004-0164 (🔍)
GCVE (CVE): GCVE-0-2004-0164
GCVE (VulDB): GCVE-100-21636
OVAL: 🔍
X-Force: 14118
SecurityFocus: 9417 - KAME Racoon "Initial Contact" SA Deletion Vulnerability
OSVDB: 3495 - OpenBSD ISAKMP daemon INITIAL-CONTACT could allow an attacker to delete IPsec SAs
Vulnerability Center: 14576 - KAME IKE Daemon (Racoon) Allows Remote Attackers to Delete Security Associations, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 10/15/2014 15:28Updated: 09/28/2024 03:52
Changes: 10/15/2014 15:28 (85), 07/16/2019 12:53 (6), 09/28/2024 03:52 (17)
Complete: 🔍
Cache ID: 216:BFE:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.