OpenBSD isakmpd Error Lets Remote Users Bypass the Replay Protection
SecurityTracker Alert ID: 1016757
SecurityTracker URL: http://securitytracker.com/id/1016757
CVE Reference: CVE-2006-4436
Updated: Jun 8 2008
Original Entry Date: Aug 25 2006
Impact: Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Description:
A vulnerability was reported in isakmpd on OpenBSD. A remote user can bypass IPsec packet replay protection.
When isakmpd(8) acts as responder during security association (SA) negotiation, SAs with a replay window of size 0 may be created. This allows a remote user with the ability to sniff IPsec packets to reinject those packets without the replay being detected.
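Added example, not taken from the advisory or from OpenBSD source: a simplified C model of a bitmap-style IPsec anti-replay sliding window, showing why an SA created with a replay window of size 0 accepts reinjected packets while a non-zero window drops them. The struct, function names and sequence numbers are constructed for illustration; skipping the check when the window is 0 is an assumption modelled on the description above.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified inbound SA state (hypothetical struct, not OpenBSD's own). */
struct sa {
    uint32_t wnd;     /* replay window size in packets, 0..32 */
    uint32_t last;    /* highest sequence number accepted so far */
    uint32_t bitmap;  /* bit i set => sequence (last - i) already seen */
};

/* Returns 1 if the packet is accepted, 0 if dropped as a replay or too old. */
int sa_accept(struct sa *sa, uint32_t seq)
{
    if (sa->wnd == 0)           /* assumed: window 0 means no check at all */
        return 1;
    if (seq == 0) return 0;     /* sequence numbers start at 1 */
    if (seq > sa->last) {       /* new highest: slide the window forward */
        uint32_t shift = seq - sa->last;
        sa->bitmap = (shift < 32) ? (sa->bitmap << shift) | 1u : 1u;
        sa->last = seq;
        return 1;
    }
    uint32_t off = sa->last - seq;
    if (off >= sa->wnd || off >= 32)
        return 0;               /* left of the window: too old */
    if (sa->bitmap & (1u << off))
        return 0;               /* already seen: replay */
    sa->bitmap |= 1u << off;    /* late but new: mark as seen */
    return 1;
}

/* Feed a sequence stream to a fresh SA; return how many packets pass. */
int count_accepted(uint32_t wnd, const uint32_t *seqs, int n)
{
    struct sa sa = { wnd, 0, 0 };
    int ok = 0;
    for (int i = 0; i < n; i++)
        ok += sa_accept(&sa, seqs[i]);
    return ok;
}

int main(void)
{
    const uint32_t seqs[] = { 1, 2, 3, 2, 3, 4 };  /* constructed: 2 and 3 replayed */
    printf("wnd=32 accepted %d of 6\n", count_accepted(32, seqs, 6));
    printf("wnd=0  accepted %d of 6\n", count_accepted(0, seqs, 6));
    return 0;
}
```

When auditing a gateway, the equivalent check is to confirm that every negotiated inbound SA reports a non-zero replay window.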
Impact:
A remote user may be able to bypass the replay protection in certain cases.
Solution:
OpenBSD has issued the following fixes:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/008_isakmpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/013_isakmpd.patch
Vendor URL: www.openbsd.org/
Cause: State error
Underlying OS: UNIX (OpenBSD)
Message History: None.
Source Message Contents
Date: Fri, 25 Aug 2006 15:57:59 -0400
Subject: OpenBSD vulnerability
SECURITY FIX: August 25, 2006 All architectures
A problem in isakmpd(8) caused IPsec to run partly without replay protection. If
isakmpd(8) was acting as responder during SA negotiation, SA's with a replay window of
size 0 were created. An attacker could reinject sniffed IPsec packets, which will be
accepted without checking the replay counter.
A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/008_isakmpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/013_isakmpd.patch