CVE-2004-0219
Description
Remote attackers can crash OpenBSD isakmpd via a malformed ISAKMP Security Association payload, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
isakmpd in OpenBSD 3.4 and earlier (including -current as of March 17, 2004) contains a flaw in its handling of ISAKMP packets with a malformed Security Association payload. The daemon reads out of bounds when processing such payloads, leading to a crash. [1][2]
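An added example, not OpenBSD's patch or code from the advisory: the kind of length validation whose absence lets a payload parser read past the received datagram. It follows the RFC 2408 header layouts and assumes an unencrypted message; the function name and sample bytes are constructed, and the page does not say which field of the Security Association payload was malformed.

```c
#include <stddef.h>
#include <stdint.h>

#define ISAKMP_HDR_LEN 28 /* fixed ISAKMP header (RFC 2408, 3.1) */
#define ISAKMP_GEN_LEN  4 /* generic payload header (RFC 2408, 3.2) */
#define ISAKMP_SA_MIN   8 /* generic header + 4-byte DOI; situation is DOI-specific */
#define ISAKMP_NP_NONE  0
#define ISAKMP_NP_SA    1

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: returns 0 when every payload in the chain lies inside
 * the message, -1 otherwise. Assumes the payloads are not encrypted. */
int isakmp_validate(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < ISAKMP_HDR_LEN)
        return -1;
    size_t total = be32(buf + 24);          /* declared message length */
    if (total < ISAKMP_HDR_LEN || total > len)
        return -1;                          /* claims more than was received */
    uint8_t next = buf[16];                 /* type of the first payload */
    size_t off = ISAKMP_HDR_LEN;
    while (next != ISAKMP_NP_NONE) {
        if (total - off < ISAKMP_GEN_LEN)
            return -1;                      /* no room for a payload header */
        size_t plen = be16(buf + off + 2);
        if (plen < ISAKMP_GEN_LEN || plen > total - off)
            return -1;                      /* length field runs off the end */
        if (next == ISAKMP_NP_SA && plen < ISAKMP_SA_MIN)
            return -1;                      /* SA payload too short for its DOI */
        next = buf[off];                    /* type of the following payload */
        off += plen;
    }
    return off == total ? 0 : -1;           /* reject unaccounted trailing bytes */
}

/* Constructed sample: header plus one 8-byte SA payload (DOI 1), 36 bytes. */
static const uint8_t sample_ok[36] = {
    [16] = ISAKMP_NP_SA, [17] = 0x10, [18] = 2, [27] = 36,
    [31] = 8, [35] = 1 };

int main(void) { return isakmp_validate(sample_ok, sizeof sample_ok) == 0 ? 0 : 1; }
```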
Exploitation
An unauthenticated remote attacker can send a specially crafted ISAKMP packet containing a malformed Security Association payload. No prior authentication is required, and the attacker needs no network position beyond network access. The Striker ISAKMP Protocol Test Suite demonstrated the attack. [1][2]
Impact
Successful exploitation causes the isakmpd daemon to crash, resulting in a denial of service. Subsequent IPsec-enabled communications may be disrupted until the daemon is restarted. [2]
Mitigation
OpenBSD has released patches for -current, 3.4-stable, and 3.3-stable. Users should apply the patch from the vendor's errata page [1][3]. The upcoming OpenBSD 3.5 will include privilege separation to lessen the impact of future vulnerabilities. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0. No patches discovered yet.
References: 7