Lucene search

Ubuntu.comUB:CVE-2005-0039

HistoryMay 10, 2005 - 12:00 a.m.

CVE-2005-0039

2005-05-1000:00:00

ubuntu.com

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.009

Percentile

82.9%

JSON

Certain configurations of IPsec, when using Encapsulating Security Payload
(ESP) in tunnel mode, integrity protection at a higher layer, or
Authentication Header (AH), allow remote attackers to decrypt IPSec
communications by modifying the outer packet in ways that cause plaintext
data from the inner packet to be returned in ICMP messages, as demonstrated
using bit-flipping attacks and (1) Destination Address Rewriting, (2) a
modified header length that causes portions of the packet to be interpreted
as IP Options, or (3) a modified protocol field and source address.

References

launchpad.net/bugs/cve/CVE-2005-0039

nvd.nist.gov/vuln/detail/CVE-2005-0039

security-tracker.debian.org/tracker/CVE-2005-0039

www.cve.org/CVERecord?id=CVE-2005-0039

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.009

Percentile

82.9%

JSON

Related for UB:CVE-2005-0039