ipsec

US-CERT Vulnerability Notes US-CERT Vulnerability Notes US-CERT Vulnerability Notes US-CERT Vulnerability Notes US-CERT Vulnerability Notes US-CERT Vulnerability Note VU#302220 Home | FAQ | Contact | Privacy Policy Vulnerability Notes Database Search Vulnerability Notes Vulnerability Notes Help Information View Notes By Name ID Number CVE Name Date Public Date Published Date Updated Severity Metric Other Documents Technical Alerts Technical Bulletins Alerts Security Tips Vulnerability Note VU#302220 IPsec configurations may be vulnerable to information disclosure OverviewThe IPsec Encapsulating Security Payload protocol used in tunneling mode may be vulnerable to multiple attacks when confidentiality mode is used without integrity protection, or in certain cases where integrity protection is provided by higher-level protocols. I. DescriptionThe IP Security (IPsec) protocol suite are IETF standards commonly used to provide secure networking facilities at the Internet Protocol level such as the establishment of Virtual Private Networks (VPNs). Within the IPsec suite, the Encapsulating Security Payload (ESP) protocol provides confidentiality for packets by applying encryption algorithms, along with several other services. The Authentication Header (AH) protocol can be used to complement the ESP functionality with integrity protection. Both the ESP and AH protocols can be used in either "Transport" or "Tunneling" mode. When Cipher Block Chaining (CBC) encryption, which has a well-known set of flaws allowing bit-flipping attacks, is used by ESP in tunneling mode to provide confidentiality guarantees without proper integrity protection for inner (tunneled) packets, attackers may be able to perform the following attacks: Destination Address Rewriting: The destination IP address of the inner, encrypted packet is modified in a bit-flipping attack. Intermediate gateways may then route the inner packet to the modified destination address once the inner packet is recovered. IP Options modification: The header length and source address of the inner packet is modified by performing a bit-flipping attack on the outer payload. Once the modified inner packet is recovered, the structure of the packet may be affected in such a manner that an Internet Control Message Protocol (ICMP) Parameter Problem message is generated and sent to the source address of the inner packet along with the plaintext payload. This may be intercepted, leading to a recovery of the original inner packet plaintext payload. Protocol Field modification: In a similar manner to the IP Options modification attack, the protocol field and source address of the inner packet are modified in a bit-flipping attack against the outer packet payload. An invalid or unusable value in the protocol field may then cause a system which is processing a recovered inner packet to generate an ICMP Protocol Unreachable message. This ICMP message is then sent back to the (modified) source address with the plaintext payload of the inner packet, which may be intercepted in order to recover the plaintext. These attacks involve an amount of probabilistic success, but any successful attacks disclose information which makes future attacks more efficient. This may allow for automated plaintext recovery with a minimal amount of effort. The underlying problem is the use of CBC mode encryption used for confidentiality, which is susceptible to known attacks that allow the encrypted data to be modified in a known manner. If integrity protection is not applied in a proper fashion to this encrypted data, the change may be undetected and accepted as authentic packet(s). II. ImpactAn unauthenticated remote attacker that is able to intercept and modify IPsec (and ICMP, for some scenarios) communications between security gateways may be able to recover plaintext of the IPsec communications between them. III. SolutionFor vendor-specific solutions, please see your vendor's information regarding this issue. Suggested workarounds include - configuring ESP to use both confidentiality and integrity protection. This is the recommended workaround. - using the Authentication Header (AH) protocol to provide integrity protection along with ESP in a manner which is not vulnerable. - restricting ICMP error reporting with network filters or firewalls. Systems Affected VendorStatusDate Updated 3ComUnknown11-May-2005 AlcatelUnknown11-May-2005 Apple Computer Inc.Unknown11-May-2005 Aruba NetworksUnknown11-May-2005 AT&TUnknown11-May-2005 AvayaUnknown11-May-2005 Avici Systems Inc.Unknown11-May-2005 BorderwareUnknown11-May-2005 CerticomUnknown11-May-2005 Charlotte's Web NetworksUnknown11-May-2005 Check PointNot Vulnerable10-May-2005 Chiaro NetworksUnknown11-May-2005 Cisco Systems Inc.Vulnerable17-May-2005 ClavisterUnknown11-May-2005 Computer AssociatesUnknown11-May-2005 ConnectivaUnknown11-May-2005 Cray Inc.Unknown11-May-2005 Data ConnectionUnknown11-May-2005 DebianUnknown11-May-2005 DlinkUnknown11-May-2005 EMC CorporationUnknown11-May-2005 EngardeUnknown11-May-2005 eSoftUnknown11-May-2005 Extreme NetworksUnknown11-May-2005 F-SecureUnknown11-May-2005 F5 NetworksNot Vulnerable13-May-2005 FortinetUnknown11-May-2005 Foundry Networks Inc.Unknown11-May-2005 FreeBSDUnknown11-May-2005 FreeS/WANUnknown11-May-2005 FujitsuUnknown11-May-2005 Global Technology AssociatesUnknown11-May-2005 Hewlett-Packard CompanyUnknown11-May-2005 HitachiUnknown11-May-2005 HyperchipUnknown11-May-2005 IBMNot Vulnerable10-May-2005 ImmunixUnknown11-May-2005 Ingrian NetworksUnknown11-May-2005 IntelUnknown11-May-2005 Internet Initiative Japan (IIJ)Unknown11-May-2005 Internet Security Systems Inc.Unknown11-May-2005 IntotoUnknown11-May-2005 Juniper NetworksUnknown13-May-2005 KAME ProjectUnknown11-May-2005 LinksysUnknown11-May-2005 Lucent TechnologiesUnknown11-May-2005 LuminousUnknown11-May-2005 MandrakeSoftUnknown11-May-2005 Microsoft CorporationUnknown11-May-2005 MontaVista SoftwareUnknown11-May-2005 Multi-Tech Systems Inc.Unknown11-May-2005 MultinetUnknown11-May-2005 NEC CorporationUnknown11-May-2005 NetBSDUnknown11-May-2005 NetfilterNot Vulnerable10-May-2005 Network ApplianceUnknown11-May-2005 NextHopUnknown11-May-2005 NISTUnknown11-May-2005 NokiaUnknown11-May-2005 Nortel NetworksNot Vulnerable10-May-2005 NovellUnknown11-May-2005 OpenBSDUnknown11-May-2005 Openwall GNU/*/LinuxUnknown11-May-2005 QNXUnknown11-May-2005 Red Hat Inc.Unknown11-May-2005 Redback Networks Inc.Unknown11-May-2005 Riverstone NetworksUnknown11-May-2005 SafeNetUnknown11-May-2005 SCO LinuxUnknown11-May-2005 SCO UnixUnknown11-May-2005 Secure Computing CorporationUnknown11-May-2005 SecureWorksUnknown11-May-2005 SequentUnknown11-May-2005 SGIUnknown11-May-2005 SonicWALL Inc.Unknown13-May-2005 Sony CorporationUnknown11-May-2005 SSH Communications SecurityUnknown11-May-2005 StonesoftUnknown11-May-2005 Sun Microsystems Inc.Unknown11-May-2005 SuSE Inc.Unknown11-May-2005 Symantec CorporationUnknown11-May-2005 TurboLinuxUnknown11-May-2005 UnisysUnknown11-May-2005 WatchGuardUnknown11-May-2005 Wind River Systems Inc.Not Vulnerable10-May-2005 ZyXELUnknown11-May-2005 References http://www.niscc.gov.uk/niscc/docs/re-20050509-00385.pdf?lang=en http://jvn.jp/niscc/NISCC-004033/index.html http://www.ietf.org/ids.by.wg/ipsec.html Credit Thanks to NISCC for reporting this vulnerability, who in turn also credit JPCERT/CC with assistance in coordination efforts. This document was written by Ken MacInnis based primarily on information from NISCC. Other Information Date Public05/09/2005 Date First Published05/09/2005 12:39:30 PM Date Last Updated07/06/2005 CERT Advisory CVE NameCAN-2005-0039 US-CERT Technical Alerts Metric4.32 Document Revision13 If you have feedback, comments, or additional information about this vulnerability, please send us email. Produced 2008 by US-CERT, a government organization Disclaimers and copyright information Get Adobe Reader разделы травертин букмекерский контора фаворит электро лаборатория ковры резиновый многотарифные электросчетчик datamax управление иваново ziplock газовый заправка слюдопластовые втулка кбе врач-гинеколог этнический психология gislaved отзыв распыление ароматизатор герб область штангенциркуль перевод испанский контакт контактор решетка магнитный доска кулер процессор бордюр решетка окон средство самооборона metrobond измеритель температры рассылка корреспонденция индивидуальный банковский ячейка холодильник neff флюрисцентная краска фмс macintosh вакансия красноярск классический аэробика билет цдкж сборный доставка высокотемпературный электроизоляция интеллектуальный электросчетчик варочный поверхность cata тонирование авто конвейер облицовка bella italia фосфорный краска изолента хб квантовый медицина встраиваемый вытяжка билет хоккей проект электропроводка варочный поверхность hansa виниловый дирижабль гиря торговый калибровочный omega купить блинницу тренировка память акриловый вкладыш снегоуборочный машина силуэт слименд лифт серверные корпус консольный переключатель встраиваемый вытяжка электрический прочность 5004.10 (крышка) арманьяк доставка электропечь dimplex model elba электрокотел kyiv apartaments rent санфаянс курьерский почта кислородный концентратор геомаш-центр герб область нард скачать антенна бахила промышленый альпинизм проходить осмотр гинеколог kiev apartaments service фризер summer кухонный нейминг стоматологический услуга вино роза билет большой билет ммдм горячий обед ароматный мир пакет гриппер предохранитель пкэ фосфоресцирующий краска дермато-венеролог фирменный флаг корпоративный обслуживание купля производственный комплекс лечение папиллома передвижной сварочный агрегат ipsec