Vulnerability Description
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kame | Racoon | <= 2004-04-07a |
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
- http://orange.kame.net/dev/query-pr.cgi?pr=555
- http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15893
FAQ
What is CVE-2004-0392?
CVE-2004-0392 is a vulnerability with a CVSS score of 5.0 (MEDIUM). racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "...
How severe is CVE-2004-0392?
CVE-2004-0392 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0392?
Check the references section above for vendor advisories and patch information. Affected products include: Kame Racoon.