2806 matches found
kernel security update
CentOS Errata and Security Advisory CESA-2008:0275 Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
RHEL 5 : kernel (RHSA-2008:0275)
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
zyxel-xss.txt
Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...
CVE-2007-6282
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...
Design/Logic Flaw
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...
CVE-2007-6282
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...
ZYWALL Referer Header XSS Vulnerability
Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...
CVE-2007-6282
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...
CVE-2007-6282
CVE-2007-6282 affects the Linux kernel IPsec ESP handling: the kernel before 2.6.25 can crash when processing fragmented ESP packets where the first fragment doesn’t include the full ESP header and IV. This was addressed in multiple advisories, with patches and updated kernels provided (e.g., RHS...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Design/Logic Flaw
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a...
CVE-2008-1335
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a...
CVE-2008-1335
CVE-2008-1335 affects NetBSD kernel (ipsec4_get_ulp) on 2.0–3.1 and NetBSD-current before 20071028 with fast_ipsec enabled, allowing remote attackers to bypass IPsec policy by sending packets from a source with different endianness than the destination. This is a separate vulnerability from CVE-2...
Design/Logic Flaw
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors...
CVE-2008-1205
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors...
Default configuration
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash...
CVE-2008-1198
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash...
CVE-2008-1198
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash...
CVE-2008-1198
CVE-2008-1198 is tied to initscripts in Red Hat Enterprise Linux 3–5 where the default IPsec ifup script configures racoon to use aggressive IKE mode instead of main IKE mode. This configuration allows remote attackers to brute-force or sniff an unencrypted preshared key (PSK) hash, potentially l...