Family: Debian Local Security Checks --> Category: infos
[DSA1175] DSA-1175-1 isakmpd Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A flaw has been found in isakmpd, OpenBSD's implementation of the
Internet Key Exchange protocol, that caused Security Associations to be
created with a replay window of 0 when isakmpd was acting as the
responder during SA negotiation. This could allow a possible hacker to
re-inject sniffed IPsec packets, which would not be checked against the
For the stable distribution (sarge) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your isakmpd package.
Solution : http://www.debian.org/security/2006/dsa-1175
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.