SSH Communications Security Information for VU#459371
Multiple IPsec implementations do not adequately validate authentication data
- Vendor Information Help Date Notified: 20 Aug 2002
- Statement Date:
- Date Updated: 11 Dec 2002
1. CERT/CC Vulnerability Note VU#459371
Multiple IPSec implementations do not adequately validate
CERT/CC has announced a new vulnerability on IPSec (see the
"Vulnerability Note VU#459371" referred). Based on our review, SSH
IPSEC Express Toolkit 4.x/5.x and SSH QuickSec Toolkit 1.x are not
vulnerable to the attack described. The sanity check relevant for
this functionality is located in the transform code of the IPSec
More information can be found at:
This vulnerability has been assigned CAN-2002-0666 by CVE.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.