TITLE:
FreeBSD IPsec Sequence Number Verification Bypass

SECUNIA ADVISORY ID:
SA19366

VERIFY ADVISORY:
http://secunia.com/advisories/19366/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
FreeBSD 4.x
http://secunia.com/product/139/
FreeBSD 5.x
http://secunia.com/product/1132/
FreeBSD 6.x
http://secunia.com/product/6778/

DESCRIPTION:
A security issue has been reported in FreeBSD, which can potentially be exploited by malicious people to bypass certain security restrictions.

The security issue is caused by an incorrect update of the sequence number associated with a Security Association in the "fast_ipsec" implementation. This allows certain packets to unconditionally bypass sequence number verification checks.

Successful exploitation allows an attacker to capture IPsec packets and subsequently replay them.

The security issue has been reported in all FreeBSD versions since 4.8-RELEASE.

SOLUTION:
Update FreeBSD or apply patch.

Fixed versions:
2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)

Patch for FreeBSD 4.10, 4.11, 5.3, 5.4, and 6.0:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch.asc

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Pawel Jakub Dawidek.

ORIGINAL ADVISORY:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
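The sequence number verification named in the DESCRIPTION is the IPsec anti-replay window, whose check is only as good as the per-SA state update that follows it. The sketch below is an added example, not FreeBSD's fast_ipsec code and not part of the Secunia advisory; it shows a generic 64-packet window with the update performed only after authentication. The struct, function names, window size and the icv_ok flag are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define REPLAY_WINDOW 64u  /* window size in packets (assumed value) */

/* Hypothetical per-SA receive state for this example; not FreeBSD's struct. */
struct sa_replay {
    uint32_t last_seq;  /* highest sequence number authenticated so far */
    uint64_t bitmap;    /* bit i set => (last_seq - i) already received */
};

/* Step 1: is this sequence number acceptable? Read-only, changes no state. */
static int replay_check(const struct sa_replay *sa, uint32_t seq)
{
    if (seq == 0)
        return 0;                       /* 0 is never a valid number */
    if (seq > sa->last_seq)
        return 1;                       /* newer than anything seen */
    if (sa->last_seq - seq >= REPLAY_WINDOW)
        return 0;                       /* too old, left of the window */
    return !((sa->bitmap >> (sa->last_seq - seq)) & 1);  /* seen before? */
}

/* Step 2: record the number; call only after the integrity check passed. */
static void replay_update(struct sa_replay *sa, uint32_t seq)
{
    if (seq > sa->last_seq) {           /* slide the window forward */
        uint32_t shift = seq - sa->last_seq;
        sa->bitmap = (shift >= REPLAY_WINDOW) ? 0 : sa->bitmap << shift;
        sa->last_seq = seq;
    }
    sa->bitmap |= 1ULL << (sa->last_seq - seq);  /* mark seq as received */
}

/* Receive path: 1 = delivered, 0 = dropped. icv_ok stands in for the ICV check. */
static int sa_receive(struct sa_replay *sa, uint32_t seq, int icv_ok)
{
    if (!replay_check(sa, seq) || !icv_ok)
        return 0;
    replay_update(sa, seq);
    return 1;
}

int main(void)
{
    struct sa_replay sa = {0, 0};
    uint32_t seqs[] = {1, 2, 3, 5, 3, 4, 100, 30};  /* constructed input */
    for (unsigned i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u: %d\n", (unsigned)seqs[i], sa_receive(&sa, seqs[i], 1));
    return 0;
}
```

If the state update is skipped or done incorrectly for some packets, the check keeps comparing against stale state and a captured packet passes again, which is the class of failure the advisory describes.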