Debian: New isakmpd packages fix replay protection bypass
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 1175-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 13th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : isakmpd Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-4436 BugTraq ID : 19712 Debian Bug : 385894 A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter. For the stable distribution (sarge) this problem has been fixed in version 20041012-1sarge1 For the unstable distribution (sid) this problem has been fixed in version 20041012-4 We recommend that you upgrade your isakmpd package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 661 35e8865c2759c66f01c0563a4bdfc124 Size/MD5 checksum: 68877 90e47af5080893c9ccf7d38aebef6760 Size/MD5 checksum: 373941 e6d25a9e232fb186e1a48dc06453bd57 Alpha architecture: Size/MD5 checksum: 708414 e6894a5a6c7a4586f2c22d28cd0a8f84 AMD64 architecture: Size/MD5 checksum: 544652 43df55b5251b4cbb2bf3c4fe3528827f ARM architecture: Size/MD5 checksum: 473492 92e5b4ae0fbbb14104d39fe0b1a24597 HP Precision architecture: Size/MD5 checksum: 535124 d97d6a0357c332c72a8ac313a7f1c301 Intel IA-32 architecture: Size/MD5 checksum: 497670 0a58ae7ef43c38853a58d430389d1840 Intel IA-64 architecture: Size/MD5 checksum: 786026 f8e473ef442260b13076aa6add875c99 Motorola 680x0 architecture: Size/MD5 checksum: 421268 3f57254cfdded5e2615f4c3b277133e9 Big endian MIPS architecture: Size/MD5 checksum: 568914 cf14999a58edbb20545d8a63f7311f87 Little endian MIPS architecture: Size/MD5 checksum: 567060 38fca5d17f6be2c843f92aed15ac3830 PowerPC architecture: Size/MD5 checksum: 555978 f3786f6d0f4e556587b372a753184cca IBM S/390 architecture: Size/MD5 checksum: 548240 e9cbc0d97b19aac56686d7384de1c219 Sun Sparc architecture: Size/MD5 checksum: 514166 7318cf5d5f419d5d00b45faf6d5bc3e1 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org