Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0039


Vulnerability Score 6.4 6.4
CVE Id CVE-2005-0039
Last Modified 07 Mar 2011 09:19:27
Published 10 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

Vulnerable Systems


  • Nissc Ipsec 1.0


CERT-VN - VU#302220

VUPEN - ADV-2005-2806

VUPEN - ADV-2005-0507

HP - SSRT5957


BID - 13562

HP - HPSBTU01217

SECTRACK - 1015320

SECUNIA - 17938

BUGTRAQ - 20050509 NISCC Vulnerability Advisory IPSEC - 004033

Last Updated: 27 May 2016 10:39:38