=====================================================================
                                 CERT-Renater

                      Note d'Information No. 2004/VULN122
_____________________________________________________________________

DATE                      : 18/03/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running isakmpd.
                            
======================================================================


Several bugs have been found in the ISAKMP daemon which can lead to memory
leaks and a remote denial of service condition. An attacker can craft
malformed payloads that can cause the isakmpd(8) process to stop
processing requests.

The problem is fixed in -current, 3.4-stable and 3.3-stable.

Patches are available at:

  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/015_isakmpd2.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch 


======================================================================

        =========================================================
        Les serveurs de référence du CERT-Renater
        http://www.urec.fr/securite
        http://www.cru.fr/securite
        http://www.renater.fr 
	=========================================================
	+ CERT-RENATER		| tel : 01-53-94-20-44		+
	+ 151 bd de l'Hopital	| fax : 01-53-94-20-41		+
	+ 75013 Paris		| email: certsvp@renater.fr	+
	=========================================================