PT-2005-3274 · FreeBSD · FreeBSD

Published

2005-08-01

·

Updated

2017-07-11

·

CVE-2005-2359

CVSS v2.0

5.0

Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 5.3 through 5.4

Description

The issue concerns the AES-XCBC-MAC algorithm in IPsec, which is used for authentication. When this algorithm is used without other encryption, it uses a constant key instead of the one assigned by the system administrator. This can allow remote attackers to spoof packets and establish an IPsec session.

Recommendations

For FreeBSD versions 5.3 through 5.4, consider using additional encryption to secure IPsec sessions until a fix is available. As a temporary workaround, restrict access to IPsec sessions to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2005-2359

Affected products

FreeBSD