NEC Corporation Information for VU#459371

Multiple IPsec implementations do not adequately validate authentication data

Status

Affected

Vendor Statement

sent on December 4, 2002

[Router Products]

  • IX 5000 Series
    - is NOT vulnerable.
  • IX 1000 / 2000 Series (IX1010, IX1011, IX1020, IX1050, Bluefire IX1035 and IX2010)
    - is vulnerable in the case of Version 4.1 or prior. The exploitation is possible only when IPsec is enabled.
    - Fixed verion is 4.2.13 or greater.
    - To get fixed software, please contact to: <BQOS@ipnw.jp.nec.com>
    - More information (in Japanese): <http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References

    None

    Addendum

    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.