FreeBSD IPSec fast_ipsec(4) replay

bsd-ipsec-replay (25398) The risk level is classified as Low Risk

Description:

FreeBSD could allow a remote attacker to bypass the IPSec anti-replay service and launch a replay attack. This is caused by an error in fast_ipsec(4) that results in improper verification of sequence numbers for IP packet checksums.
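
The failure mode described above, shown as an added example (not FreeBSD's fast_ipsec code and not part of the original entry): a simplified 32-packet anti-replay window in which the check passes replayed packets whenever the per-SA sequence state is never updated. All names and the sample sequence are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u

/* Per-SA receiver replay state (illustrative names, not FreeBSD's). */
struct sa_replay {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint32_t bitmap;    /* bit i set => (last_seq - i) already seen */
};

/* Check only: 1 if seq is acceptable, 0 if replayed or too old. */
static int replay_check(const struct sa_replay *r, uint32_t seq) {
    if (seq == 0) return 0;                 /* sequence numbers start at 1 */
    if (seq > r->last_seq) return 1;        /* ahead of the window: new */
    uint32_t diff = r->last_seq - seq;
    if (diff >= WINDOW) return 0;           /* older than the window */
    return (r->bitmap & (1u << diff)) == 0; /* inside window: seen before? */
}

/* Update: record seq as seen. Without this step the check is meaningless. */
static void replay_update(struct sa_replay *r, uint32_t seq) {
    if (seq > r->last_seq) {
        uint32_t shift = seq - r->last_seq;
        r->bitmap = (shift < WINDOW) ? (r->bitmap << shift) | 1u : 1u;
        r->last_seq = seq;
    } else {
        r->bitmap |= 1u << (r->last_seq - seq);
    }
}

/* Run pkts[] through one SA and count accepted packets.
 * do_update = 0 models a receiver that never updates the SA's state. */
int accepted_count(const uint32_t *pkts, int n, int do_update) {
    struct sa_replay r = {0, 0};
    int ok = 0;
    for (int i = 0; i < n; i++) {
        if (!replay_check(&r, pkts[i])) continue;
        ok++;
        if (do_update) replay_update(&r, pkts[i]);
    }
    return ok;
}

/* Constructed traffic: 1,2,3 arrive, then 2 and 3 are replayed, then 4. */
const uint32_t SAMPLE[] = {1, 2, 3, 2, 3, 4};

int main(void) {
    printf("accepted with update: %d, without update: %d\n",
           accepted_count(SAMPLE, 6, 1), accepted_count(SAMPLE, 6, 0));
    return 0;
}
```

With the update step the two replayed packets are dropped; without it every packet, including the replays, passes the sequence number check.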


Consequences:

Bypass Security

Remedy:

Refer to FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec for patch, upgrade, or suggested workaround information. See References.

References:

  • FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec: IPsec replay attack vulnerability
  • BID-17191: FreeBSD IPsec Replay Vulnerability
  • CVE-2006-0905: A programming error in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
  • OSVDB ID: 24068: Multiple BSD IPsec Sequence Number fast_ipsec(4) Verification Bypass
  • SA19366: FreeBSD IPsec Sequence Number Verification Bypass
  • SECTRACK ID: 1015809: IPSec Bug in xform_esp.c May Let Remote Users Bypass Anti-Replay Sequence Number Checking
  • SECTRACK ID: 1015811: (FreeBSD Issues Fix) IPSec Bug in xform_esp.c May Let Remote Users Bypass Anti-Replay Sequence Number Checking

Platforms Affected:

  • FreeBSD FreeBSD

Reported:

Mar 22, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
