|
Family: Debian Local Security Checks --> Category: infos
[DSA1175] DSA-1175-1 isakmpd Vulnerability Scan
Vulnerability Scan Summary DSA-1175-1 isakmpd
Detailed Explanation for this Vulnerability Test
A flaw has been found in isakmpd, OpenBSD's implementation of the
Internet Key Exchange protocol, that caused Security Associations to be
created with a replay window of 0 when isakmpd was acting as the
responder during SA negotiation. This could allow a possible hacker to
re-inject sniffed IPsec packets, which would not be checked against the
replay counter.
For the stable distribution (sarge) this problem has been fixed in
version 20041012-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 20041012-4.
We recommend that you upgrade your isakmpd package.
Solution : http://www.debian.org/security/2006/dsa-1175
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|