FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sysnetipsec Announced: 2006-03-22 Credits: Pawel...

FreeBSD IPSec replay attack

fastipsec implementation doesn't increment packet sequence number, allowing replay attack for captured packet...

FreeBSD-SA-06:11.ipsec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sysnetipsec Announced: 2006-03-22 Credits: Pawel...

ipsec -- reply attack vulnerability

Problem Description IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fastipsec4 implementation results in the sequence number associated...

Input validation

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service application crash via unspecified vectors involving the "incorrect handling of error conditions"...

CVE-2006-0383

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service application crash via unspecified vectors involving the "incorrect handling of error conditions"...

CVE-2006-0383

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service application crash via unspecified vectors involving the "incorrect handling of error conditions"...

Mac OS X Multiple Vulnerabilities (Security Update 2006-001)

The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apachemodphp automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication C Tenable Network...

Design/Logic Flaw

The Internet Key Exchange version 1 IKEv1 implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service crash via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of...

CVE-2006-0718

The Internet Key Exchange version 1 IKEv1 implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service crash via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of...

CVE-2006-0718

The Internet Key Exchange version 1 IKEv1 implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service crash via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of...

CVE-2006-0718

Technical details for CVE-2006-0718 are not present in the connected documents. No information here on affected products, versions, root cause, or fixes. Monitor for updates from official advisories and vendors.

[SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 965-1 [email protected] http://www.debian.org/security/ Martin Schulze February 6th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 965-1] New ipsec-tools packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 965-1 [email protected] http://www.debian.org/security/ Martin Schulze February 6th, 2006 http://www.debian.org/security/faq -...

DSA-965-1 ipsec-tools - null dereference

Bulletin has no description...

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)

The Internet Key Exchange version 1 IKEv1 implementation isakmpagg.c in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service null dereference and crash via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for...

Cisco IOS IPSec IKE Traffic Remote DoS (CSCed94829)

The remote host is a CISCO router containing a version of IOS which is vulnerable to a denial of service attack. An attacker may exploit this flaw to crash the remote device by sending a malformed IKE packet to the remote device. C Tenable Network Security, Inc. include"compat.inc"; if descriptio...

Ubuntu 4.10 / 5.04 / 5.10 : ipsec-tools vulnerability (USN-221-1)

The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer...

Ubuntu 4.10 : ipsec-tools vulnerability (USN-107-1)

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools packag...

Ubuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-169-1)

David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04...