IPsec short packet integer overflow

ipsec-packet-integer-overflow (10411)

The risk level is classified as Low Risk

Description:

Multiple vendor implementations of IPsec are vulnerable to a denial of service attack, caused by an unsigned integer overflow. IPsec fails to properly handle very short IPsec packets. A remote attacker could send a specially-crafted IPsec packet to cause the system to crash, and possibly cause a kernel panic on some systems.
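The length handling described above, as an added example in C (a simplified model written for this page, not code from FreeS/WAN, KAME or any vendor). It assumes an 8-byte ESP header and 12 bytes of authentication data; `esp_view`, `payload_len_unchecked` and `esp_parse` are hypothetical names. The unchecked subtraction wraps to a huge unsigned value on a short packet, while the hardened parser rejects the packet before subtracting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESP_HDR_LEN 8u   /* SPI (4 bytes) + sequence number (4 bytes) */
#define ICV_LEN     12u  /* assumed: 96-bit authentication data */

struct esp_view {
    uint32_t spi, seq;
    const uint8_t *payload;  /* bytes between the header and the ICV */
    size_t payload_len;
    const uint8_t *icv;      /* trailing authentication data */
};

/* Unchecked pattern: wraps to a huge value when len < header + ICV. */
static size_t payload_len_unchecked(size_t len)
{
    return len - ESP_HDR_LEN - ICV_LEN;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hardened: reject short packets before any subtraction. 0 = ok, -1 = drop. */
static int esp_parse(const uint8_t *pkt, size_t len, size_t icv_len, struct esp_view *v)
{
    if (icv_len > SIZE_MAX - ESP_HDR_LEN || len < ESP_HDR_LEN + icv_len)
        return -1;
    v->spi = be32(pkt);
    v->seq = be32(pkt + 4);
    v->payload = pkt + ESP_HDR_LEN;
    v->payload_len = len - ESP_HDR_LEN - icv_len;  /* cannot wrap after the check */
    v->icv = pkt + len - icv_len;
    return 0;
}

int main(void)
{
    /* Constructed sample: 8-byte header, 4 payload bytes, 12-byte ICV (zeros). */
    uint8_t pkt[24] = { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x07, 0xde, 0xad, 0xbe, 0xef };
    size_t lens[] = { 4, 19, 20, sizeof pkt };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct esp_view v;
        int rc = esp_parse(pkt, lens[i], ICV_LEN, &v);
        printf("len=%2zu unchecked=%zu checked=%s\n", lens[i],
               payload_len_unchecked(lens[i]), rc ? "drop" : "ok");
    }
    return 0;
}
```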


Consequences:

Denial of Service

Remedy:

Refer to CERT Vulnerability Note VU#459371 for vendor-specific upgrade or patch information. See References.

For Debian GNU/Linux:
Upgrade to the latest freeswan package, as listed below. Refer to DSA-201-1 for more information. See References.

Debian GNU/Linux 3.0 (woody): 1.96-1.4 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • BindView RAZOR Security Advisory, October 18, 2002: Denial of Service in IPSEC implementations.
  • FreeBSD Web site: CVS log for src/sys/netinet6/esp_input.c.
  • NetBSD Security Advisory NetBSD-SA2002-016: Insufficient length check in ESP authentication data. (From Neohapsis archive.)
  • BID-6011: Multiple Vendor IPSec Implementation Denial of Service Vulnerabilities
  • CVE-2002-0666: IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
  • DSA-201: freeswan -- denial of service
  • US-CERT VU#459371: Multiple IPsec implementations do not adequately validate authentication data

Platforms Affected:

  • Apple Mac OS X 10.2
  • Apple Mac OS X Server 10.2
  • Debian Debian Linux 3.0
  • eSoft InstaGate
  • FreeBSD FreeBSD 4.0
  • FreeBSD FreeBSD 4.1
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 4.3
  • FreeBSD FreeBSD 4.4
  • FreeBSD FreeBSD 4.5
  • FreeBSD FreeBSD 4.6
  • FreeBSD FreeBSD 4.6.1
  • FreeBSD FreeBSD 4.6.2
  • Global Technology Associates GNAT Box prior to 3.3.1
  • Internet Initiative Japan SEIL/neu routers firmware < 1.63
  • Linux FreeS/WAN FreeS/WAN
  • NEC IX1000
  • NEC IX2000
  • NetBSD NetBSD 1.5
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • NetBSD NetBSD 1.5.3
  • NetBSD NetBSD 1.6 beta
  • Thinking Arts ES.One 2.2 Beta
  • WindRiver BSDOS 4.2
  • WindRiver BSDOS 4.3
  • WindRiver BSDOS 4.3.1
  • WindRiver BSDOS 5.0

Reported:

Oct 17, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
