FreeBSD IPsec Replay Vulnerability
BID:17191
Info
FreeBSD IPsec Replay Vulnerability
| Bugtraq ID: | 17191 |
| Class: | Design Error |
| CVE: |
CVE-2006-0905 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2006 12:00AM |
| Updated: | Mar 22 2006 07:49PM |
| Credit: | Pawel Jakub Dawidek is credited with the discovery of this issue. |
| Vulnerable: |
FreeBSD FreeBSD 6.0 -STABLE FreeBSD FreeBSD 6.0 -RELEASE FreeBSD FreeBSD 5.4 -RELENG FreeBSD FreeBSD 5.4 -RELEASE FreeBSD FreeBSD 5.4 -PRERELEASE FreeBSD FreeBSD 5.3 -STABLE FreeBSD FreeBSD 5.3 -RELENG FreeBSD FreeBSD 5.3 -RELEASE FreeBSD FreeBSD 5.3 FreeBSD FreeBSD 5.2.1 -RELEASE FreeBSD FreeBSD 5.2 -RELENG FreeBSD FreeBSD 5.2 -RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 -RELENG FreeBSD FreeBSD 5.1 -RELEASE/Alpha FreeBSD FreeBSD 5.1 -RELEASE-p5 FreeBSD FreeBSD 5.1 -RELEASE FreeBSD FreeBSD 5.1 FreeBSD FreeBSD 5.0 -RELENG FreeBSD FreeBSD 5.0 -RELEASE-p14 FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.11 -STABLE FreeBSD FreeBSD 4.11 -RELENG FreeBSD FreeBSD 4.11 -RELEASE-p3 FreeBSD FreeBSD 4.10 -RELENG FreeBSD FreeBSD 4.10 -RELEASE-p8 FreeBSD FreeBSD 4.10 -RELEASE FreeBSD FreeBSD 4.10 FreeBSD FreeBSD 4.9 -RELENG FreeBSD FreeBSD 4.9 -PRERELEASE FreeBSD FreeBSD 4.9 FreeBSD FreeBSD 4.8 -RELENG FreeBSD FreeBSD 4.8 -RELEASE-p7 FreeBSD FreeBSD 4.8 -PRERELEASE FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 5.4-STABLE FreeBSD FreeBSD 4.10-PRERELEASE |
| Not Vulnerable: | |
Discussion
FreeBSD IPsec Replay Vulnerability
FreeBSD's IPsec implementation is susceptible to remote replay attacks. This issue is due to the improper handling of sequence numbers in IPsec packets.
This issue allows remote attackers to replay IPsec traffic. The exact consequences of successful attacks depend on the nature of the traffic being replayed. This will likely affect only higher-level protocols such as UDP, since they don't provide their own anti-replay features.
FreeBSD's IPsec implementation is susceptible to remote replay attacks. This issue is due to the improper handling of sequence numbers in IPsec packets.
This issue allows remote attackers to replay IPsec traffic. The exact consequences of successful attacks depend on the nature of the traffic being replayed. This will likely affect only higher-level protocols such as UDP, since they don't provide their own anti-replay features.
Exploit / POC
FreeBSD IPsec Replay Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
FreeBSD IPsec Replay Vulnerability
Solution:
The vendor has released an advisory, along with fixes to address this issue. Fixes have been committed to the FreeBSD CVS repository as of 2006-03-22 16:03:25 UTC. Please see the referenced advisory for further information.
FreeBSD FreeBSD 5.4-STABLE
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 6.0 -STABLE
Solution:
The vendor has released an advisory, along with fixes to address this issue. Fixes have been committed to the FreeBSD CVS repository as of 2006-03-22 16:03:25 UTC. Please see the referenced advisory for further information.
FreeBSD FreeBSD 5.4-STABLE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELEASE-p8
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELEASE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELENG
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -RELEASE-p3
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -RELENG
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -STABLE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -RELEASE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -RELENG
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -STABLE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -RELENG
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -PRERELEASE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -RELEASE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 6.0 -RELEASE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 6.0 -STABLE
-
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
References
FreeBSD IPsec Replay Vulnerability
References:
References:
- FreeBSD Homepage (FreeBSD)
- FreeBSD Security Information (FreeBSD)