=====================================================================
                           CERT-Renater
                 Information Note No. 2006/VULN465
_____________________________________________________________________

DATE                 : 28/08/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running IPsec.

======================================================================

A problem in isakmpd(8) caused IPsec to run partly without replay
protection. If isakmpd(8) was acting as responder during SA negotiation,
SAs with a replay window of size 0 were created. An attacker could
reinject sniffed IPsec packets, which would be accepted without checking
the replay counter.

Patches for the respective releases:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/008_isakmpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/013_isakmpd.patch

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER         | tel : 01-53-94-20-44           +
+ 151 bd de l'Hopital  | fax : 01-53-94-20-41           +
+ 75013 Paris          | email: certsvp@renater.fr      +
=========================================================
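
The receiver-side replay check that the advisory says was skipped, as an added example that is not part of the advisory and not OpenBSD's code: a simplified sliding window of up to 64 packets in the style of the IPsec anti-replay algorithm. The struct, the function names and the packet trace are constructed for illustration, and a window of size 0 is modelled as "no check", following the advisory's description.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical receiver-side SA state (assumption, not OpenBSD's structures). */
struct sa_replay {
    uint32_t window;   /* replay window size in packets, 0..64 */
    uint32_t top;      /* highest sequence number accepted so far */
    uint64_t bitmap;   /* bit i set => sequence number (top - i) was seen */
};

/* Returns 1 if the packet is accepted, 0 if dropped as replayed or stale. */
int replay_check_update(struct sa_replay *sa, uint32_t seq)
{
    if (sa->window == 0)        /* faulty case: no replay state is consulted */
        return 1;
    if (seq == 0)
        return 0;               /* sequence number 0 is never valid */
    if (seq > sa->top) {        /* new highest: slide the window forward */
        uint32_t shift = seq - sa->top;
        sa->bitmap = (shift < 64) ? (sa->bitmap << shift) | 1 : 1;
        sa->top = seq;
        return 1;
    }
    uint32_t off = sa->top - seq;
    if (off >= sa->window)
        return 0;               /* older than the window: drop */
    if (sa->bitmap & ((uint64_t)1 << off))
        return 0;               /* already seen: replay */
    sa->bitmap |= (uint64_t)1 << off;
    return 1;
}

/* Feed a sequence-number trace to a fresh SA; return how many were accepted. */
int count_accepted(uint32_t window, const uint32_t *seqs, int n)
{
    struct sa_replay sa = { window, 0, 0 };
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += replay_check_update(&sa, seqs[i]);
    return accepted;
}
int main(void)
{
    /* Constructed trace: 1..4, a reordered pair (6 then 5), then 2, 3, 6 re-sent. */
    const uint32_t trace[] = { 1, 2, 3, 4, 6, 5, 2, 3, 6 };
    int n = (int)(sizeof trace / sizeof trace[0]);
    printf("window 64: %d of %d accepted\n", count_accepted(64, trace, n), n);
    printf("window  0: %d of %d accepted\n", count_accepted(0, trace, n), n);
    return 0;
}
```

On the constructed trace the 64-packet window accepts 6 of 9 packets and drops the three re-sent ones, while the size-0 window accepts all 9.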