SSH Communications Security Information for VU#459371

Multiple IPsec implementations do not adequately validate authentication data


Not Affected

Vendor Statement

1. CERT/CC Vulnerability Note VU#459371


Multiple IPSec implementations do not adequately validate
authentication data:

    CERT/CC has announced a new vulnerability on IPSec (see the
    "Vulnerability Note VU#459371" referred). Based on our review, SSH
    IPSEC Express Toolkit 4.x/5.x and SSH QuickSec Toolkit 1.x are not
    vulnerable to the attack described. The sanity check relevant for
    this functionality is located in the transform code of the IPSec
    packet processing.

    More information can be found at:

    This vulnerability has been assigned CAN-2002-0666 by CVE.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.