PT-2008-2926 · Netbsd · Netbsd

Published

2008-03-13

Updated

2008-12-10

CVE-2008-1335

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NetBSD versions 2.0 through 3.1 NetBSD-current before 20071028

Description The issue allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine. This occurs when the fast ipsec subsystem is enabled.

Recommendations For NetBSD versions 2.0 through 3.1, consider disabling the fast ipsec subsystem until a patch is available. For NetBSD-current before 20071028, update to a version after 20071028 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-1335

Affected Products

Netbsd

PT-2008-2926 · Netbsd · Netbsd

CVE-2008-1335

Related Identifiers

Affected Products

References · 5