Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0905
Last Modified 05 Sep 2008 05:00:31
Published 23 Mar 2006 06:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0905

Summary

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.

Vulnerable Systems

Operating System

  • FreeBSD 4.10
  • FreeBSD 4.11
  • FreeBSD 4.8
  • FreeBSD 4.9
  • FreeBSD 5.0
  • FreeBSD 5.1
  • FreeBSD 5.2
  • FreeBSD 5.2.1
  • FreeBSD 5.3
  • FreeBSD 5.4
  • FreeBSD 6.0
  • NetBSD 2.0
  • NetBSD 3.0


References

BID - 17191

SECUNIA - 19366

FREEBSD - FreeBSD-SA-06:11

XF - bsd-ipsec-replay(25398)

OSVDB - 24068

SECTRACK - 1015809

NETBSD - NetBSD-SA2006-011


Last Updated: 27 May 2016 10:41:50