PT-2006-1948 · FreeBSD, NetBSD
Published: 2006-03-23 · Updated: 2017-07-20
CVE-2006-0905
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 4.8 through 6.1-STABLE
NetBSD versions 2 through 3
Description
A programming error in the fast ipsec component means the sequence number associated with a Security Association is not properly updated. As a result, packets pass the sequence number checks, so a remote attacker who captures IPsec packets can conduct replay attacks.
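A simplified model of a receive-side anti-replay window, added here as an illustration; it is not FreeBSD or NetBSD source code. The struct, the function names and the 32-packet window are assumptions. It shows why a check without the matching update accepts a sequence number that was already seen.

```c
#include <stdint.h>
#include <stdio.h>

#define WIN 32u  /* window size in packets (assumed for this model) */

/* Hypothetical, simplified receive-side Security Association state. */
struct sa_replay {
    uint32_t last;    /* highest sequence number accepted so far */
    uint32_t bitmap;  /* bit i set => sequence number (last - i) was seen */
};

/* Check only: 1 if seq is ahead of the window, or inside it and unseen. */
static int replay_check(const struct sa_replay *sa, uint32_t seq)
{
    if (seq == 0) return 0;                     /* 0 is never valid */
    if (seq > sa->last) return 1;               /* newer than anything seen */
    if (sa->last - seq >= WIN) return 0;        /* older than the window */
    return (sa->bitmap & (1u << (sa->last - seq))) == 0;
}

/* Record seq as seen. Call only after replay_check() has passed. */
static void replay_update(struct sa_replay *sa, uint32_t seq)
{
    if (seq <= sa->last) { sa->bitmap |= 1u << (sa->last - seq); return; }
    uint32_t shift = seq - sa->last;
    sa->bitmap = (shift < WIN) ? (sa->bitmap << shift) | 1u : 1u;
    sa->last = seq;
}

/* Receive path; do_update = 0 models the missing update described above. */
static int receive(struct sa_replay *sa, uint32_t seq, int do_update)
{
    if (!replay_check(sa, seq)) return 0;       /* dropped as a replay */
    if (do_update) replay_update(sa, seq);
    return 1;                                   /* accepted */
}

/* Deliver seq 1..3, then deliver seq 2 again; returns the second verdict. */
static int replayed_packet_accepted(int do_update)
{
    struct sa_replay sa = {0, 0};
    for (uint32_t s = 1; s <= 3; s++) receive(&sa, s, do_update);
    return receive(&sa, 2, do_update);
}

int main(void)
{
    printf("with update: %d, without update: %d\n", replayed_packet_accepted(1), replayed_packet_accepted(0));
    return 0;
}
```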
Recommendations
For FreeBSD versions 4.8 through 6.1-STABLE, update the fast ipsec component to properly handle sequence number updates.
For NetBSD versions 2 through 3, update the fast ipsec component to properly handle sequence number updates.
As a temporary workaround, consider restricting access to the fast ipsec component to minimize the risk of exploitation.
Affected Products
FreeBSD
NetBSD