CVE-2004-2230
Description
Heap-based buffer overflow in OpenBSD isakmpd allows local users to cause denial of service and memory corruption via crafted IPSEC credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap-based buffer overflow exists in isakmpd on OpenBSD versions 3.4 through 3.6. The vulnerability is triggered when a local user sends crafted IPSEC credentials over a socket, leading to a heap overflow in the daemon's memory handling. Affected versions are OpenBSD 3.4, 3.5, and 3.6 [1].
Exploitation
An attacker must have local access to the system and the ability to create a socket and send IPSEC credentials. No additional authentication is required beyond local user privileges. The attacker crafts a malicious IPSEC credential payload that, when processed by isakmpd, overflows a heap buffer, corrupting adjacent memory [1].
Impact
Successful exploitation results in a denial of service (kernel panic) and potential memory corruption. While the description does not confirm arbitrary code execution, memory corruption could lead to privilege escalation or further system compromise [1].
Mitigation
OpenBSD released a patch as part of the 3.6 errata (reference [1]). Users should upgrade to a patched version of OpenBSD 3.6 or apply the specific patch for isakmpd. For unsupported versions (3.4, 3.5), upgrading to a supported release with the fix is recommended [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
Patches (0)
No patches discovered yet.
References (6)
- secunia.com/advisories/13443 [nvd, Patch, Vendor Advisory]
- securitytracker.com/id [nvd, Patch]
- www.openbsd.org/errata36.html [nvd, Patch]
- www.securityfocus.com/bid/11928 [nvd, Patch]
- www.osvdb.org/12400 [nvd]
- exchange.xforce.ibmcloud.com/vulnerabilities/18486 [nvd]