PT-2002-1468 · Ietf+2 · Ipsec+2

Published

2002-08-12

Updated

2008-09-05

CVE-2002-0414

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NetBSD version 1.5.2 FreeBSD version 4.5

Description The issue affects KAME-derived implementations of IPsec and could cause a Security Gateway that does not use Encapsulating Security Payload to forward forged IPv4 packets, due to improper consultation of the Security Policy Database.

Recommendations For NetBSD version 1.5.2, update the IPsec implementation to properly consult the Security Policy Database. For FreeBSD version 4.5, update the IPsec implementation to properly consult the Security Policy Database. As a temporary workaround, consider restricting the forwarding of IPv4 packets by the Security Gateway until a proper update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0414

Affected Products

Freebsd

Ipsec

Netbsd

PT-2002-1468 · Ietf+2 · Ipsec+2

CVE-2002-0414

Related Identifiers

Affected Products

References · 7