Vulnerabilities > CVE-2005-0039 - Unspecified vulnerability in Nissc Ipsec 1.0

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

nissc

NVD

Published: 2005-05-10

Updated: 2016-10-18

Summary

Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

Vulnerable Configurations

Part	Description	Count
Application	Nissc Nissc Ipsec 1.0	1

References

http://marc.info/?l=bugtraq&m=111566201610350&w=2
http://secunia.com/advisories/17938
http://securitytracker.com/id?1015320
http://www.kb.cert.org/vuls/id/302220
http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
http://www.securityfocus.com/archive/1/407774
http://www.securityfocus.com/bid/13562
http://www.vupen.com/english/advisories/2005/0507
http://www.vupen.com/english/advisories/2005/2806