=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2004/VULN540
_____________________________________________________________________

DATE                      : 16/12/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : OpenBSD 3.6, OpenBSD 3.5 and OpenBSD 3.4.

======================================================================

On systems running isakmpd(8) it is possible for a local user to
cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket.  Stopping isakmpd(8) does not prevent the
memory corruption.

This has been fixed in OpenBSD-current, and the OpenBSD 3.6, 3.5,
and 3.4 -stable branches.  Patches are also available for OpenBSD
3.6, 3.5 and 3.4:

     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch
     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch
     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/035_pfkey.patch

Thanks to Stefan Miltchev for reporting the problem.

-markus

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================