Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0039

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-0039
Last Modified 07 Mar 2011 09:19:27
Published 10 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0039

Summary

Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

Vulnerable Systems

Application

  • Nissc Ipsec 1.0


References

CERT-VN - VU#302220

VUPEN - ADV-2005-2806

VUPEN - ADV-2005-0507

HP - SSRT5957

MISC - http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en

BID - 13562

HP - HPSBTU01217

SECTRACK - 1015320

SECUNIA - 17938

BUGTRAQ - 20050509 NISCC Vulnerability Advisory IPSEC - 004033


Last Updated: 27 May 2016 10:39:38