Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2413 |
Message | EXPLOIT ISAKMP delete hash with empty hash attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the handling of ISAKMP data and SA keys. |
Impact | Serious |
Detailed Information | The Internet Security Association and Key Management Protocol (ISAKMP) is used as a framework for an authentication method between peers using secure keys. ISAKMP is a framework for authentication using cryptographic keys. It specifically defines the process of key exchange as opposed to the generation of a cryptographic key. ISAKMP also details the procedures for the required security associations in network security services. |
Affected Systems | Kame Racoon |
Attack Scenarios | The attacker may attempt to delete keys and security associations in hosts running the KAME IKE Daemon. |
Ease of Attack | Simple |
Corrective Action | Apply the appropriate vendor supplied patches |
Additional References | ISAKMP: http://www.networksorcery.com/enp/protocol/isakmp.htm RFC: http://www.ietf.org/rfc/rfc2407.txt http://www.ietf.org/rfc/rfc2408.txt IANA: http://www.iana.org/assignments/isakmp-registry |
Rule References | bugtraq: 9416 bugtraq: 9417 cve: 2004-0164 |
--
DID:211350
--
http://www.aanval.com/