NEC Corporation Information for VU#459371
Multiple IPsec implementations do not adequately validate authentication data
- Vendor Information Help Date Notified: 20 Aug 2002
- Statement Date:
- Date Updated: 11 Dec 2002
sent on December 4, 2002
- IX 5000 Series
- is NOT vulnerable.
- IX 1000 / 2000 Series (IX1010, IX1011, IX1020, IX1050, Bluefire IX1035 and IX2010)
- is vulnerable in the case of Version 4.1 or prior. The exploitation is possible only when IPsec is enabled.
- Fixed verion is 4.2.13 or greater.
- To get fixed software, please contact to: <BQOS@ipnw.jp.nec.com>
- More information (in Japanese): <http://www1.ias.biglobe.ne.jp/IPNW/BQOS/whatsnew.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.