CERT VU:459371
History: Oct 17, 2002 - 12:00 a.m.

Multiple IPsec implementations do not adequately validate authentication data

2002-10-17 00:00:00
www.kb.cert.org

CVSS2: 5 Medium

* Attack Vector: NETWORK
* Attack Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: NONE
* Integrity Impact: NONE
* Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.033 Low (Percentile: 91.4%)

Overview

IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service.

Description

For background:

* [RFC 2401](<http://www.ietf.org/rfc/rfc2401.txt>) Security Architecture for the Internet Protocol
* [RFC 2402](<http://www.ietf.org/rfc/rfc2402.txt>) IP Authentication Header
* [RFC 2406](<http://www.ietf.org/rfc/rfc2406.txt>) IP Encapsulating Security Payload

IPsec supports integrity and authentication for IP traffic by including a cryptographic checksum in each IPsec datagram. This authentication data is compared to the Integrity Check Value (ICV) that is calculated by the recipient. If the values match, the datagram is considered valid.

BindView RAZOR has reported a vulnerability that exists in KAME (FreeBSD, NetBSD), FreeS/WAN (Linux), and possibly other IPsec implementations. While processing an IPsec datagram, vulnerable implementations do not properly calculate the length of the authentication data field for very small datagrams, resulting in an unsigned integer overflow. The ICV is then calculated for an overly large range of memory, which could cause a kernel panic on vulnerable systems.

KAME, FreeBSD, and NetBSD are vulnerable due to the way they handle Encapsulating Security Payload (ESP) datagrams.
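
The length error described above, reduced to its arithmetic and shown beside a checked version. This is an added example, not code from KAME, FreeS/WAN or any vendor; the function names, the 12-byte ICV size, the sample datagram and the FNV-based stand-in for the HMAC are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESP_HDR_LEN  8u   /* SPI (4) + sequence number (4), RFC 2406 */
#define ESP_TRAILER  2u   /* pad length (1) + next header (1) */
#define ICV_LEN     12u   /* 96-bit authentication data (assumed size) */

enum { ESP_OK = 0, ESP_ERR_SHORT = -1, ESP_ERR_AUTH = -2 };

/* Constructed demo key, not taken from any real SA. */
static const uint8_t KEY[] = "constructed-demo-key";

/* Flawed pattern: subtract the ICV length without looking at the datagram
 * length first. For esp_len < ICV_LEN the unsigned result wraps around. */
uint32_t auth_span_unchecked(uint32_t esp_len)
{
    return esp_len - ICV_LEN;
}

/* Hardened pattern: refuse anything shorter than header + trailer + ICV
 * before subtracting. A real stack would also add the cipher's IV length. */
int auth_span_checked(uint32_t esp_len, uint32_t *span)
{
    if (esp_len < ESP_HDR_LEN + ESP_TRAILER + ICV_LEN)
        return -1;
    *span = esp_len - ICV_LEN;
    return 0;
}

/* Stand-in keyed checksum built on FNV-1a. NOT a secure MAC; it only
 * takes the place of the HMAC a real implementation would call. */
static void toy_icv(const uint8_t *data, uint32_t len, uint8_t out[ICV_LEN])
{
    uint64_t h = 1469598103934665603ULL;
    uint32_t i;

    for (i = 0; i < sizeof KEY; i++) { h ^= KEY[i];  h *= 1099511628211ULL; }
    for (i = 0; i < len; i++)        { h ^= data[i]; h *= 1099511628211ULL; }
    for (i = 0; i < 8; i++)
        out[i] = (uint8_t)(h >> (56 - 8 * i));
    h *= 1099511628211ULL;
    for (i = 8; i < ICV_LEN; i++)
        out[i] = (uint8_t)(h >> (56 - 8 * (i - 8)));
}

/* Receiver side: validate the length, recompute the ICV over everything
 * before the authentication data, and compare without early exit. */
int esp_verify(const uint8_t *esp, uint32_t esp_len)
{
    uint8_t calc[ICV_LEN], diff = 0;
    uint32_t span, i;

    if (auth_span_checked(esp_len, &span) != 0)
        return ESP_ERR_SHORT;           /* dropped before any memory is read */
    toy_icv(esp, span, calc);
    for (i = 0; i < ICV_LEN; i++)
        diff |= (uint8_t)(calc[i] ^ esp[span + i]);
    return diff == 0 ? ESP_OK : ESP_ERR_AUTH;
}

/* Constructed 32-byte sample datagram: 20 authenticated bytes + 12-byte ICV. */
static uint32_t make_sample(uint8_t *buf)
{
    static const uint8_t body[] = {
        0x00, 0x00, 0x10, 0x01,                  /* SPI (constructed) */
        0x00, 0x00, 0x00, 0x01,                  /* sequence number */
        'p', 'a', 'y', 'l', 'o', 'a', 'd', '!',  /* payload data */
        0x01, 0x02,                              /* padding */
        0x02, 0x04                               /* pad length, next header */
    };

    memcpy(buf, body, sizeof body);
    toy_icv(buf, (uint32_t)sizeof body, buf + sizeof body);
    return (uint32_t)sizeof body + ICV_LEN;
}

/* Verify the sample, optionally flipping one payload bit and/or presenting
 * only the first `claimed_len` bytes (0 means the full datagram). */
int verify_sample(int flip_bit, uint32_t claimed_len)
{
    uint8_t buf[64];
    uint32_t n = make_sample(buf);

    if (flip_bit)
        buf[10] ^= 0x01;
    return esp_verify(buf, claimed_len ? claimed_len : n);
}

int main(void)
{
    printf("unchecked span for a 4-byte datagram: %lu bytes\n",
           (unsigned long)auth_span_unchecked(4));
    printf("valid=%d tampered=%d runt=%d\n",
           verify_sample(0, 0), verify_sample(1, 0), verify_sample(0, 4));
    return 0;
}
```

The unchecked helper only returns the wrapped length; the checked path rejects the short datagram before the ICV routine is ever handed a span.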

Impact

A remote attacker could crash a vulnerable system with a specially crafted IPsec packet. The attacker would need to supply the source and destination IP addresses, the Security Parameters Index (SPI), and a suitably large sequence number. All of this information is transmitted in plain text.


Solution

Upgrade or Apply a Patch

Upgrade or apply a patch as specified by your vendor(s).


Restrict Access

When possible, restrict access to IPsec hosts and gateways. Note that this will not prevent attacks; it will only limit the number of potential sources.


Vendor Information

Apple Computer Inc. Affected

Notified: August 20, 2002 Updated: October 15, 2002

Status

Affected

Vendor Statement

Vulnerable systems:

* Mac OS X 10.2
* Mac OS X Server 10.2

Fixed in:

* Mac OS X 10.2.1
* Mac OS X Server 10.2.1

Software updates are available from the “Software Update” pane in System Preferences or from the Apple Software Downloads site:

* Mac OS X Update 10.2.1: <http://docs.info.apple.com/article.html?artnum=120147>
* Mac OS X Server Update 10.2.1: <http://docs.info.apple.com/article.html?artnum=120149>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23459371 Feedback>).

Debian Affected

Notified: August 20, 2002 Updated: December 11, 2002

Status

Affected

Vendor Statement

Please see Debian Security Advisory DSA-201.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Affected

Notified: August 21, 2002 Updated: October 15, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This vulnerability has been addressed in FreeBSD 4.7-RELEASE:

<http://www.FreeBSD.org/cgi/cvsweb.cgi/src/sys/netinet6/esp_input.c#rev1.1.2.7>

FreeS/WAN Affected

Notified: August 20, 2002 Updated: December 02, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

FreeS/WAN 1.99 appears to address this issue:

[<http://www.freeswan.org/freeswan_trees/freeswan-1.99/CHANGES>]

“ESP (and AH, IPCOMP) potential DOS fix.”

[/klips/net/ipsec/ipsec_rcv.c]

Global Technology Associates Affected

Updated: October 17, 2002

Status

Affected

Vendor Statement

After analyzing the IPSec issue described in VU#459371 Global Technology Associates, Inc. has determined that GTA firewall products running GNAT Box system software version prior to version 3.3.1 are vulnerable to this attack. GTA has released system software updates to correct this vulnerability.

For users with systems running GNAT Box system software version 3.3.0 a system software update version 3.3.1 is available from GTA’s Online Support Center.
For users with systems running GNAT Box system software version 3.2.x a system software update version 3.2.6 is available from GTA’s Online Support Center.
For users with systems running GNAT Box system software version 3.1.x or earlier no software update is available. Users should either upgrade to version 3.3.1 or add Remote Access filters to restrict access to designated remote VPN gateways.

To report potential security vulnerabilities in GTA products, send an E-mail message to: [email protected].

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Affected

Notified: August 21, 2002 Updated: December 11, 2002

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the IPSec issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches are available through an efix package. The efix is available at the following URL:

<ftp://ftp.software.ibm.com/aix/efixes/security/ipsec_efix.tar.Z>

The following APARs will be available in the near future:
AIX 4.3.3 APAR IY37800 (available approx 1/29/03)
AIX 5.1.0 APAR IY37069 (available approx 12/18/02)
AIX 5.2.0 APAR IY37182 (available approx 4/28/03)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Internet Initiative Japan (IIJ) Affected

Notified: October 15, 2002 Updated: December 11, 2002

Status

Affected

Vendor Statement

IIJ SEIL/neu routers

Firmware versions prior to 1.63 are vulnerable to this problem. Upgrade to firmware 1.63 or later (available at <http://www.seil-neu.com/>). If you are not using IPsec, you are not affected; however, we suggest that you upgrade the firmware in any case.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KAME Project Affected

Notified: August 21, 2002 Updated: October 15, 2002

Status

Affected

Vendor Statement

All past KAME-based implementations are vulnerable, which includes:

* MacOS 10.2
* BSDi/WindRiver BSD/OS 4.2 and beyond
* NetBSD 1.5 and beyond
* FreeBSD 4.0 and beyond

and probably (if they enable IPsec):

* Juniper JunOS
* Extreme Networks ExtremeWare
* WindRiver VxWorks
* Hitachi GR2000 router [CommWorks Total Control 100]
* Fujitsu GeoStream 920/940 router
* NEC IX5000
* IIJ SEIL

The problem was corrected in the KAME tree on 2002/08/21.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

For authoritative statements, please reference specific vendor records.

NEC Corporation Affected

Notified: August 21, 2002 Updated: December 11, 2002

Status

Affected

Vendor Statement

sent on December 4, 2002

[Router Products]

* IX 5000 Series

- is NOT vulnerable.

* IX 1000 / 2000 Series (IX1010, IX1011, IX1020, IX1050, Bluefire IX1035 and IX2010)

- is vulnerable in the case of Version 4.1 or prior. The exploitation is possible only when IPsec is enabled.
- Fixed version is 4.2.13 or greater.
- To get fixed software, please contact to: <>
- More information (in Japanese): <>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Affected

Notified: August 21, 2002 Updated: October 22, 2002

Status

Affected

Vendor Statement

See NetBSD security advisory SA2002-016.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

eSoft Affected

Notified: October 11, 2002 Updated: October 15, 2002

Status

Affected

Vendor Statement

eSoft InstaGate is only vulnerable to this denial of service attack if the attacker knows both the IP address of a tunnel endpoint and the SPI value for that tunnel. A patch is available through eSoft’s SoftPak Director.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Alcatel Not Affected

Notified: August 21, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

In relation to this CERT advisory on security vulnerability in IPsec implementations, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. An initial analysis has shown that none of our products is affected when used as delivered to customers. In particular, the OmniAccess 210, 250, 512 and OmniPCX Office are not affected.

Customers may contact their Alcatel support representative for more details. The security of our customers’ networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential security vulnerabilities in our products using IPsec technology and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya Not Affected

Notified: August 21, 2002 Updated: December 11, 2002

Status

Not Affected

Vendor Statement

Avaya VPN products, including the VPN Service Unit (VSU) Series of VPN Gateways as well as the VPNremote desktop VPN client software, do not exhibit this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Borderware Not Affected

Notified: October 10, 2002 Updated: October 18, 2002

Status

Not Affected

Vendor Statement

We have determined that no BorderWare products are vulnerable to the attacks described in VU#459371.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Not Affected

Notified: August 20, 2002 Updated: October 21, 2002

Status

Not Affected

Vendor Statement

Cisco products are not vulnerable to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Clavister Not Affected

Notified: August 21, 2002 Updated: August 22, 2002

Status

Not Affected

Vendor Statement

Clavister Firewall with VPN module: Not vulnerable.

Clavister VPN Client: Not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Not Affected

Notified: August 20, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

Cray, Inc. is not vulnerable as we provide no software that performs this type of function.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Notified: August 20, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

SOURCE: Hewlett-Packard Company and Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company

RE: x-reference SSRT2326 IPSEC

Not Vulnerable:

HP-UX
HP-MPE/ix
HP Tru64 UNIX
HP NonStop Servers
HP OpenVMS

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi Not Affected

Notified: August 27, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

We’ve checked up on our router (Hitachi, Ltd. GR2000 series) about VU#459371. Our IPsec implementation is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intoto Not Affected

Notified: October 11, 2002 Updated: October 18, 2002

Status

Not Affected

Vendor Statement

Intoto analyzed iGateway AH and ESP implementation for the DoS threat published in VU#459371, and found that iGateway is not vulnerable to this DoS attack.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Not Affected

Notified: September 09, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

The Edge Switching and Routing products (specifically, the B-STDX 9000, CBX500, GX550, PSAX family and Springtide family) are not vulnerable to VU 459371.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Notified: August 21, 2002 Updated: October 17, 2002

Status

Not Affected

Vendor Statement

Microsoft has conducted a thorough investigation based on this report. Microsoft products are not affected by this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified: August 21, 2002 Updated: October 21, 2002

Status

Not Affected

Vendor Statement

MontaVista does not ship any IPSec applications, thus this is not applicable to us. We are not vulnerable to vu459371.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetScreen Not Affected

Notified: August 27, 2002 Updated: August 29, 2002

Status

Not Affected

Vendor Statement

NetScreen’s Global PRO family of network management applications does not use IPSec and is not vulnerable to the issues raised in VU#459371.

NetScreen has determined that ScreenOS, the operating software for NetScreen security devices, is not vulnerable to the issues raised in VU#459371.

The IPSec implementation in the NetScreen Remote family of VPN and security clients has been examined and NetScreen has determined that it is not vulnerable to the issues raised in VU#459371.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Not Affected

Notified: October 10, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

NetApp products are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Not Affected

Notified: August 21, 2002 Updated: December 11, 2002

Status

Not Affected

Vendor Statement

The following Nortel Networks products implement IPsec but are not affected by the vulnerabilities noted in VU#459371:

The Preside Multi-Service Data Manager (MDM) is not affected.

There are no issues with the Contivity Platform, this includes the:

* Contivity 600/1500/1600/2000/2500/2600/4500/4600
* Contivity 1010/1050/1100
* Contivity 1700/2700
* Contivity software releases 3.5 and beyond including the Contivity VPN Client

The Shasta 5000 Broadband Services Node is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Not Affected

Notified: August 21, 2002 Updated: October 21, 2002

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We don’t yet support IPsec.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SSH Communications Security Not Affected

Notified: August 21, 2002 Updated: December 11, 2002

Status

Not Affected

Vendor Statement

1. CERT/CC Vulnerability Note VU#459371

=======================================

Multiple IPSec implementations do not adequately validate
authentication data:

CERT/CC has announced a new vulnerability on IPSec (see the
"Vulnerability Note VU#459371" referred). Based on our review, SSH
IPSEC Express Toolkit 4.x/5.x and SSH QuickSec Toolkit 1.x are not
vulnerable to the attack described. The sanity check relevant for
this functionality is located in the transform code of the IPSec
packet processing.

More information can be found at:

<http://www.kb.cert.org/vuls/id/459371>

This vulnerability has been assigned CAN-2002-0666 by CVE.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SafeNet Not Affected

Notified: August 20, 2002 Updated: October 15, 2002

Status

Not Affected

Vendor Statement

SafeNet’s VPN clients are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Not Affected

Notified: August 21, 2002 Updated: August 29, 2002

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Extreme Networks Unknown

Notified: October 11, 2002 Updated: October 15, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F-Secure Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital Inc. Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NIST Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Associates Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Novell Unknown

Notified: December 11, 2002 Updated: December 11, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

PGP Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Unknown

Notified: August 20, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified: August 21, 2002 Updated: August 29, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

The CERT/CC thanks Todd Sabin of BindView RAZOR for discovering and reporting this issue.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2002-0666
Severity Metric: 5.14 Date Public:
