Multiple BSD IPsec Sequence Number fast_ipsec(4) Verification Bypass

2006-03-22T00:00:00
ID OSVDB:24068
Type osvdb
Reporter Pawel Jakub Dawidek (pjd@freebsd.org)
Modified 2006-03-22T00:00:00

Description

Vulnerability Description

The IP Security Protocol (IPSec) on FreeBSD contains a flaw that may allow a malicious user to replay IPSec packets. The issue is triggered when IPSec fails to update the replay sequence number associated with a Security Association, allowing packets to unconditionally pass sequence number verification checks. It is possible that the flaw may allow a loss of integrity.
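The check-then-update logic behind this class of flaw, as an added illustration (not FreeBSD's fast_ipsec code): a simplified 32-bit sliding-window anti-replay check in which the names WINDOW, replay_state, sa_receive and the update_state flag are assumptions made for the example. With update_state set to 0 the per-SA state is never advanced, so the same sequence number passes verification every time.

```c
#include <stdint.h>
#define WINDOW 32u  /* assumed anti-replay window size, in packets */

struct replay_state {
    uint32_t last;    /* highest sequence number accepted so far */
    uint32_t bitmap;  /* bit i set => sequence (last - i) already seen */
};

/* Verification step: 1 if seq is unseen and not older than the window. */
static int replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return 0;                         /* 0 is never a valid sequence */
    if (seq > st->last)
        return 1;                         /* would advance the window */
    uint32_t diff = st->last - seq;
    if (diff >= WINDOW)
        return 0;                         /* too old */
    return !(st->bitmap & (1u << diff));  /* reject if already seen */
}

/* Update step: record seq in the SA state (call only after replay_check). */
static void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->last) {
        uint32_t shift = seq - st->last;
        st->bitmap = (shift < WINDOW) ? (st->bitmap << shift) | 1u : 1u;
        st->last = seq;
    } else {
        st->bitmap |= 1u << (st->last - seq);
    }
}

/* Receive path (integrity check omitted); update_state = 0 models the flaw. */
static int sa_receive(struct replay_state *st, uint32_t seq, int update_state)
{
    if (!replay_check(st, seq))
        return 0;                         /* dropped as a replay */
    if (update_state)
        replay_update(st, seq);
    return 1;                             /* accepted */
}

int main(void)
{
    struct replay_state fixed = {0, 0}, flawed = {0, 0};
    sa_receive(&fixed, 5, 1);
    sa_receive(&flawed, 5, 0);
    return !(sa_receive(&fixed, 5, 1) == 0 && sa_receive(&flawed, 5, 0) == 1);
}
```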

Solution Description

Upgrade to version 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch to address this vulnerability.

References:

Vendor URL: http://www.freebsd.org
Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch.asc
Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
Vendor Specific Advisory URL
Security Tracker: 1015809
Secunia Advisory ID: 19366
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
Other Advisory URL: http://packetstormsecurity.org/advisories/freebsd/FreeBSD-SA-06-11.ipsec.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0401.html
ISS X-Force ID: 25398
Generic Informational URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
CVE-2006-0905
Bugtraq ID: 17191