KAME Project Information for VU#459371
Multiple IPsec implementations do not adequately validate authentication data
- Vendor Information Help Date Notified: 20 Aug 2002
- Statement Date:
- Date Updated: 15 Oct 2002
all past KAME-based implementations are vulnerable. which includes:
BSDi/WindRiver BSD/OS 4.2 and beyond
NetBSD 1.5 and beyond
FreeBSD 4.0 and beyond
and probably (if they enable IPsec)
- Juniper JunOS
Extreme Networks ExtremeWare
Hitachi GR2000 router [CommWorks Total Control 100]
Fujitsu GeoStream 920/940 router
the problem has corrected on kame tree on 2002/08/21.
The vendor has not provided us with any further information regarding this vulnerability.
For authoritative statements, please reference specific vendor records.
If you have feedback, comments, or additional information about this vulnerability, please send us email.