FKIE_CVE-2005-0039

Vulnerability from fkie_nvd - Published: 2005-05-10 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=111566201610350&w=2
cve@mitre.orghttp://secunia.com/advisories/17938
cve@mitre.orghttp://securitytracker.com/id?1015320
cve@mitre.orghttp://www.kb.cert.org/vuls/id/302220US Government Resource
cve@mitre.orghttp://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
cve@mitre.orghttp://www.securityfocus.com/archive/1/407774
cve@mitre.orghttp://www.securityfocus.com/bid/13562
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/0507
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2806
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=111566201610350&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17938
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015320
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/302220US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/407774
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13562
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/0507
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2806
Impacted products
Vendor Product Version
nissc ipsec 1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nissc:ipsec:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA6334A-DD3E-45AC-B908-73990050BF1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address."
    }
  ],
  "id": "CVE-2005-0039",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-10T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111566201610350\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17938"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015320"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/302220"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/407774"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/13562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111566201610350\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/302220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/407774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2806"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.