2803 matches found
Important: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 8 : libreswan (RHSA-2020:2070)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2070 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
Man-in-the-Middle (MitM)
kernel is vulnerable to a man-in-the-middle attack. Certain IPv6 protocols are not encrypted over an IPsec tunnel, allowing an attacker to intercept and modify network traffic...
CVE-2020-12142
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
Design/Logic Flaw
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
CVE-2020-12142 IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials
IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...
CVE-2020-12142
CVE-2020-12142 affects the EdgeConnect appliance. An admin user with shell access can retrieve IPSec UDP key material (IPSec seed and nonce) via CLI, REST APIs, or the Linux shell, enabling potential decryption of in-flight traffic. The issue requires administrative access and is described across...
unbound security update
1.7.3-10 - Secure ipsec mode 1772061 - CVE-2019-18934 1.7.3-9 - Use pthreadmutext locks when dealing with I/O operations 1775708...
EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1557)
According to the version of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receivi...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-1557)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : kernel (RHSA-2020:1769)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1769 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in blkaddtrace ...
Vulnerability fixed in Linux kernel
SUSE has fixed a vulnerability in SUSE Kernel. In certain cases, the vulnerability causes IPv6 traffic not to be encrypted over an IPsec tunnel. A malicious party could potentially be able to retrieve sensitive data as a result. -= SUSE =- SUSE has made updates available to fix the vulnerabilit...
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass
Microsoft security advisory: Vulnerability in IPsec could allow security feature bypass INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, g...
SUSE-SU-2020:1049-1 Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19737 fixes one issue. The following security issue was fixed: - CVE-2020-1749: Fixed a vulnerability where in some cases IPv6 traffic would not be encrypted over an IPsec tunnel (bsc#1165629)...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1508)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information Disclosure
initscripts is vulnerable to information disclosure. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could...
Denial Of Service (DoS)
ipsec-tools is vulnerable to denial of service (DoS). By making multiple connection attempts to the racoon daemon, a remote attacker could cause the racoon daemon to consume all available memory...
Denial Of Service (DoS)
ipsec-tools is vulnerable to denial of service. Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory...
Denial Of Service (DoS)
The ipsec-tools package is vulnerable to denial of service (DoS). It was possible for a remote attacker to cause the racoon daemon to consume all available memory...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it wou...