PT-2006-5237 · Openbsd · Openbsd

Published: 2006-08-29 · Updated: 2017-07-20 · CVE-2006-4436

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 3.8, 3.9, and possibly earlier versions

Description: The issue allows remote attackers to replay IPsec packets and bypass the replay protection by creating Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation.

Recommendations: For OpenBSD versions 3.8 and 3.9, consider updating the isakmpd configuration to increase the replay window size to prevent replay attacks. For possibly earlier versions, the same recommendation applies, as the issue may also be present in those versions. As a temporary workaround, consider restricting access to the isakmpd service until a proper fix is applied.
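
To show why the window size matters, here is a receiver-side anti-replay sliding window as an added example; it is not OpenBSD or isakmpd code. It assumes that a window of size 0 means no sequence numbers are tracked, which is the effect the description attributes to the affected SAs; the struct, function names and sample sequence numbers are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Receiver-side anti-replay state for one SA (illustrative, not OpenBSD code). */
struct replay_state {
    uint32_t window;  /* negotiated window size in packets; 0 = nothing tracked */
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) already seen */
};

/* Returns true if the packet is accepted, false if dropped as replayed or too old. */
bool replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    uint32_t w = st->window > 64 ? 64 : st->window;  /* bitmap holds 64 entries */
    if (seq == 0) return false;      /* sequence numbers start at 1 */
    if (w == 0) return true;         /* assumption: window 0 means no replay check */
    if (seq > st->top) {             /* new highest: slide the window forward */
        uint32_t shift = seq - st->top;
        st->bitmap = (shift >= 64) ? 0 : st->bitmap << shift;
        st->bitmap |= 1;
        st->top = seq;
        return true;
    }
    uint32_t offset = st->top - seq;
    if (offset >= w) return false;                      /* older than the window */
    if (st->bitmap & (1ULL << offset)) return false;    /* duplicate: replay */
    st->bitmap |= 1ULL << offset;
    return true;
}

/* Constructed sample: fresh packets 1,2,3,5,4 interleaved with replays of 2,3,1. */
static const uint32_t SAMPLE_SEQS[] = { 1, 2, 3, 2, 3, 5, 4, 1 };

/* Number of sample packets an SA with the given window size would accept. */
int accepted_with_window(uint32_t window)
{
    struct replay_state st = { window, 0, 0 };
    int accepted = 0;
    for (size_t i = 0; i < sizeof SAMPLE_SEQS / sizeof SAMPLE_SEQS[0]; i++)
        accepted += replay_check_and_update(&st, SAMPLE_SEQS[i]);
    return accepted;
}

int main(void)
{
    printf("window 0:  %d of 8 accepted\n", accepted_with_window(0));
    printf("window 64: %d of 8 accepted\n", accepted_with_window(64));
    return 0;
}
```

With a 64-packet window the three replayed packets are dropped while the out-of-order packet 4 is still accepted; with a window of 0 every packet passes.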


Related identifiers

CVE-2006-4436
DSA-1175-1

Affected products

Openbsd