CVE-2005-0039

Current Description

Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

Basic Data

Published: May 10, 2005
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 6.4
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Nissc | Ipsec | 1.0 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Nissc | Ipsec | 1.0

References

Name | Source | URL | Tags
20050509 NISCC Vulnerability Advisory IPSEC - 004033 | BUGTRAQ | http://marc.info/?l=bugtraq&m=111566201610350&w=2 |
17938 | SECUNIA | http://secunia.com/advisories/17938 |
1015320 | SECTRACK | http://securitytracker.com/id?1015320 |
VU#302220 | CERT-VN | http://www.kb.cert.org/vuls/id/302220 | US Government Resource
http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en | MISC | http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en |
SSRT5957 | HP | http://www.securityfocus.com/archive/1/407774 |
13562 | BID | http://www.securityfocus.com/bid/13562 |
ADV-2005-0507 | VUPEN | http://www.vupen.com/english/advisories/2005/0507 |
ADV-2005-2806 | VUPEN | http://www.vupen.com/english/advisories/2005/2806 |