Vulnerabilities > CVE-2002-0666 - Denial of Service vulnerability in Multiple Vendor IPSec Implementation
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 | |
OS | 2 | |
OS | 3 | |
OS | 7 | |
Hardware | 3 | |
Hardware | 6 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-201.NASL |
description | Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15038 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15038 |
title | Debian DSA-201-1 : freeswan - denial of service |
code |
|
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.html
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.php
- http://www.kb.cert.org/vuls/id/459371
- http://www.securityfocus.com/bid/6011