Linux Security

    Debian: New isakmpd packages fix replay protection bypass

    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1175-1
    https://www.debian.org/security/                             Noah Meyerhans
    September 13th, 2006                    https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : isakmpd
    Vulnerability  : programming error
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-4436
    BugTraq ID     : 19712
    Debian Bug     : 385894
    
    A flaw has been found in isakmpd, OpenBSD's implementation of the
    Internet Key Exchange protocol, that caused Security Associations to be
    created with a replay window of 0 when isakmpd was acting as the
    responder during SA negotiation.  This could allow an attacker to
    re-inject sniffed IPsec packets, which would not be checked against the
    replay counter.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 20041012-1sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 20041012-4.
    
    We recommend that you upgrade your isakmpd package.
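
The replay check that a zero-sized window switches off, as an added example (not code from isakmpd or from the advisory). It models a receiver-side anti-replay bitmap and assumes the PF_KEY (RFC 2367) convention that a replay window of 0 means no window is in use; `struct sa_replay`, `replay_check_update`, `count_accepted` and the packet trace are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver-side anti-replay state for one inbound SA (constructed model). */
struct sa_replay {
    uint32_t window;   /* negotiated window size in packets, 0..32 */
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint32_t bitmap;   /* bit i set => (last_seq - i) was already seen */
};

/* Returns 1 if the packet is accepted, 0 if dropped as replayed or too old. */
int replay_check_update(struct sa_replay *sa, uint32_t seq)
{
    if (sa->window == 0)      /* assumption: 0 means "no window in use" */
        return 1;             /* every packet passes, replays included */
    if (seq == 0) return 0;   /* sequence numbers start at 1 */
    if (seq > sa->last_seq) { /* new highest: slide the window forward */
        uint32_t shift = seq - sa->last_seq;
        sa->bitmap = (shift < 32) ? (sa->bitmap << shift) | 1u : 1u;
        sa->last_seq = seq;
        return 1;
    }
    uint32_t offset = sa->last_seq - seq;
    if (offset >= sa->window || offset >= 32)
        return 0;             /* older than the left edge of the window */
    if (sa->bitmap & (1u << offset))
        return 0;             /* sequence number already seen: replay */
    sa->bitmap |= 1u << offset;
    return 1;
}

/* Feed a sequence-number trace through a fresh SA; count accepted packets. */
int count_accepted(uint32_t window, const uint32_t *seqs, int n)
{
    struct sa_replay sa = { window, 0, 0 };
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += replay_check_update(&sa, seqs[i]);
    return accepted;
}

/* Constructed trace: five fresh packets, then 2 and 4 injected again. */
static const uint32_t TRACE[] = { 1, 2, 3, 4, 5, 2, 4 };
int main(void)
{
    printf("window=32: %d of 7 accepted\n", count_accepted(32, TRACE, 7));
    printf("window=0:  %d of 7 accepted\n", count_accepted(0, TRACE, 7));
    return 0;
}
```

With a 32-packet window the two re-injected sequence numbers are dropped; with the window at 0, as on the affected responder-side SAs, all seven packets are accepted.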
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.dsc
          Size/MD5 checksum:      661 35e8865c2759c66f01c0563a4bdfc124
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.diff.gz
          Size/MD5 checksum:    68877 90e47af5080893c9ccf7d38aebef6760
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012.orig.tar.gz
          Size/MD5 checksum:   373941 e6d25a9e232fb186e1a48dc06453bd57
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_alpha.deb
          Size/MD5 checksum:   708414 e6894a5a6c7a4586f2c22d28cd0a8f84
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_amd64.deb
          Size/MD5 checksum:   544652 43df55b5251b4cbb2bf3c4fe3528827f
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_arm.deb
          Size/MD5 checksum:   473492 92e5b4ae0fbbb14104d39fe0b1a24597
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_hppa.deb
          Size/MD5 checksum:   535124 d97d6a0357c332c72a8ac313a7f1c301
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_i386.deb
          Size/MD5 checksum:   497670 0a58ae7ef43c38853a58d430389d1840
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_ia64.deb
          Size/MD5 checksum:   786026 f8e473ef442260b13076aa6add875c99
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_m68k.deb
          Size/MD5 checksum:   421268 3f57254cfdded5e2615f4c3b277133e9
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mips.deb
          Size/MD5 checksum:   568914 cf14999a58edbb20545d8a63f7311f87
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mipsel.deb
          Size/MD5 checksum:   567060 38fca5d17f6be2c843f92aed15ac3830
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_powerpc.deb
          Size/MD5 checksum:   555978 f3786f6d0f4e556587b372a753184cca
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_s390.deb
          Size/MD5 checksum:   548240 e9cbc0d97b19aac56686d7384de1c219
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_sparc.deb
          Size/MD5 checksum:   514166 7318cf5d5f419d5d00b45faf6d5bc3e1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main