Multiple Vendor IPSec Implementation Denial of Service Vulnerabilities
Solution: Several vendors have solutions available:

Internet Initiative Japan has patches available for the IIJ SEIL/neu routers. Upgrade to a firmware revision greater than version 1.63 (available at http://www.seil-neu.com/).

Fixes will be available for NEC products in early November.

FreeBSD has fixed the vulnerability in CVS. FreeBSD 4.7-RELEASE is not vulnerable.

Global Technology Associates has made firmware upgrades available for GNAT Box devices using firmware versions 3.3.x or 3.2.x. Users of version 3.1.x are advised to upgrade.

Apple has fixes available for MacOS X 10.2 and MacOS X Server 10.2.

NetBSD has released a security advisory. NetBSD 1.6 and NetBSD-current dated 2002-08-23 are not vulnerable to this issue. Users of the NetBSD 1.5 branch are advised to upgrade to the NetBSD 1.5 tree dated 2002-09-05 or later. Further information is provided in the referenced advisory.

eSoft InstaGate products are affected by this issue. An attacker must know the IP address of a tunnel endpoint and the SPI value for that tunnel to exploit this issue on InstaGate products. A patch has been made available through eSoft's SoftPak Director.

Numerous KAME-based implementations are affected by this vulnerability. Fixes were incorporated into the KAME tree as of 2002/08/21.

This issue is present in Astaro Security Linux and has been addressed as of Up2Date 3.211. This update may be applied to systems running Astaro Security Linux Up2Date 3.210.

Fixes are available:
IBM AIX 5.1
IBM AIX 5.2
FreeS/WAN FreeS/WAN 1.9.6
Apple Mac OS X Server 10.2
Apple Mac OS X 10.2
Global Technology Associates GNAT Box Firmware 3.2
Global Technology Associates GNAT Box Firmware 3.3
IBM AIX 4.3.3
FreeBSD FreeBSD 4.6-RELEASE
FreeBSD FreeBSD 4.6-STABLE
FreeBSD FreeBSD 4.6