search for: netipsec

...================================================== FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced: 2006-03-22 Credits: Pawel Jakub Dawidek Affects: All FreeBSD releases since 4.8-RELEASE Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE) 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6) 2006-03-22 16:01:56 UTC (RELENG_5...

...================================================== FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced: 2006-03-22 Credits: Pawel Jakub Dawidek Affects: All FreeBSD releases since 4.8-RELEASE Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE) 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6) 2006-03-22 16:01:56 UTC (RELENG_5...

...duced. Just wait till the soft limit of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old SA's the server and the remote cannot talk through the tunnel. Looking at the source code in netipsec/key.c and comparing it with netkey/key.c I see the there is some differences that didn't make it into netipsec/key.c. Here is a context diff applied to 1.3.2.2 of the changes I made to fix the problem. *** /tmp/ipsec.key.c Thu Sep 11 14:26:07 2003 --- /usr/src/sys/netipsec/key.c Thu Sep 11...

[FreeBSD 7-STABLE/i386] Hello, I've got a 100 % reproductible panic with ipsec when using a 'ping -s 4000'. It works without ipsec My ipsec setup is very simple, i just use setkey: /etc/ipsec.conf flush; spdflush; add 192.168.1.21 192.168.1.200 esp 1011 -E rijndael-cbc "0123456789012345"; add 192.168.1.200 192.168.1.21 esp 1012 -E rijndael-cbc

Stephen Clark wrote: > Robert Noland wrote: >> On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote: >>> Julian Elischer wrote: >>>> Stephen Clark wrote: >>>>> Julian Elischer wrote: >>>>>> you will need to define the setup and question better. >>>> thanks.. cleaning it up a bit more... >>>> >>>>

http://www.uniras.gov.uk/vuls/2004/236929/index.htm ----Quote---- "The impact of this vulnerability varies by vendor and application, but in some deployment scenarios it is rated critical. Please see the vendor section below for further information. Alternatively contact your vendor for product specific information. If exploited, the vulnerability could allow an attacker to create a