Design/Logic Flaw

2008-03-1318:44:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.1%

JSON

The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.

CPENameOperatorVersion
netbsdeq2.0.4
netbsdeq2.1
netbsdeq3.1 rc3
netbsdeq2.0.2
netbsdeq3.0.1
netbsdeq2.0.3
netbsdeq3.0.2
netbsdeq2.1.1
netbsdeq2.0.1
netbsdeq3.1