Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1175-1:81AE1
HistorySep 13, 2006 - 3:03 p.m.

[SECURITY] [DSA 1175-1] New isakmpd packages fix replay protection bypass

2006-09-1315:03:56
lists.debian.org
8

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.221 Low

EPSS

Percentile

96.5%

JSON

Debian Security Advisory DSA 1175-1 [email protected]
http://www.debian.org/security/ Noah Meyerhans
September 13th, 2006 http://www.debian.org/security/faq

Package : isakmpd
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4436
BugTraq ID : 19712
Debian Bug : 385894

A flaw has been found in isakmpd, OpenBSD's implementation of the
Internet Key Exchange protocol, that caused Security Associations to be
created with a replay window of 0 when isakmpd was acting as the
responder during SA negotiation. This could allow an attacker to
re-inject sniffed IPsec packets, which would not be checked against the
replay counter.

For the stable distribution (sarge) this problem has been fixed in
version 20041012-1sarge1

For the unstable distribution (sid) this problem has been fixed in
version 20041012-4

We recommend that you upgrade your isakmpd package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.dsc
  Size/MD5 checksum:      661 35e8865c2759c66f01c0563a4bdfc124
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.diff.gz
  Size/MD5 checksum:    68877 90e47af5080893c9ccf7d38aebef6760
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012.orig.tar.gz
  Size/MD5 checksum:   373941 e6d25a9e232fb186e1a48dc06453bd57

Alpha architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_alpha.deb
  Size/MD5 checksum:   708414 e6894a5a6c7a4586f2c22d28cd0a8f84

AMD64 architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_amd64.deb
  Size/MD5 checksum:   544652 43df55b5251b4cbb2bf3c4fe3528827f

ARM architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_arm.deb
  Size/MD5 checksum:   473492 92e5b4ae0fbbb14104d39fe0b1a24597

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_hppa.deb
  Size/MD5 checksum:   535124 d97d6a0357c332c72a8ac313a7f1c301

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_i386.deb
  Size/MD5 checksum:   497670 0a58ae7ef43c38853a58d430389d1840

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_ia64.deb
  Size/MD5 checksum:   786026 f8e473ef442260b13076aa6add875c99

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_m68k.deb
  Size/MD5 checksum:   421268 3f57254cfdded5e2615f4c3b277133e9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mips.deb
  Size/MD5 checksum:   568914 cf14999a58edbb20545d8a63f7311f87

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mipsel.deb
  Size/MD5 checksum:   567060 38fca5d17f6be2c843f92aed15ac3830

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_powerpc.deb
  Size/MD5 checksum:   555978 f3786f6d0f4e556587b372a753184cca

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_s390.deb
  Size/MD5 checksum:   548240 e9cbc0d97b19aac56686d7384de1c219

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_sparc.deb
  Size/MD5 checksum:   514166 7318cf5d5f419d5d00b45faf6d5bc3e1

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3.1hppaisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_hppa.deb
Debian3.1sparcisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_sparc.deb
Debian3.1alphaisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_alpha.deb
Debian3.1ia64isakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_ia64.deb
Debian3.1allisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_all.deb
Debian3.1amd64isakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_amd64.deb
Debian3.1mipsisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_mips.deb
Debian3.1mipselisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_mipsel.deb
Debian3.1s390isakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_s390.deb
Debian3.1m68kisakmpd< 20041012-1sarge1isakmpd_20041012-1sarge1_m68k.deb
Rows per page:
1-10 of 131

Related

openvas 2
nessus 1
nvd 1
cvelist 1
cve 1
ubuntucve 1
debiancve 1
openvas
openvas
Debian: Security Advisory (DSA-1175-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1175-1 (isakmpd)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-1175-1 : isakmpd - programming error
2006-10-14 00:00:00
nvd
nvd
CVE-2006-4436
2006-08-29 00:04:00
cvelist
cvelist
CVE-2006-4436
2006-08-29 00:00:00
cve
cve
CVE-2006-4436
2006-08-29 00:04:00
ubuntucve
ubuntucve
CVE-2006-4436
2006-08-29 00:00:00
debiancve
debiancve
CVE-2006-4436
2006-08-29 00:04:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.221 Low

EPSS

Percentile

96.5%

JSON
Related for DEBIAN:DSA-1175-1:81AE1
openvas2nessus1nvd1cvelist1cve1ubuntucve1debiancve1