FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Missing IPsec anti-replay window check

Affected packages
12.0 <= FreeBSD-kernel < 12.0_13

Details

VuXML ID: 5797c807-4279-11ea-b184-f8b156ac3ff9
Discovery: 2020-01-28
Entry: 2020-01-29

Problem Description:

A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint.

Impact:

The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.
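
How an IPsec receiver's anti-replay window rejects a reinjected packet, shown as an added example in the sliding-window style of RFC 4303; it is not FreeBSD kernel code or the fix from the advisory. It assumes 32-bit sequence numbers without ESN and a 64-packet window, and the names `replay_state`, `replay_check`, `replay_update` and `receive` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define REPLAY_WINDOW 64u  /* assumed window size: one 64-bit bitmap */

/* Hypothetical per-SA receive state; not FreeBSD's own structure. */
struct replay_state {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) was seen */
};

/* 1 if seq may be accepted, 0 if it is a replay or older than the window. */
int replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return 0;                        /* 0 is never a valid sequence number */
    if (seq > st->top)
        return 1;                        /* right of the window: new packet */
    if (st->top - seq >= REPLAY_WINDOW)
        return 0;                        /* left of the window: too old */
    return !((st->bitmap >> (st->top - seq)) & 1);  /* drop if seen before */
}

/* Record seq; call only after the packet's integrity check has passed. */
void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->top) {
        uint32_t shift = seq - st->top;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 1 : (st->bitmap << shift) | 1;
        st->top = seq;                   /* bit 0 now marks the new top */
    } else if (st->top - seq < REPLAY_WINDOW) {
        st->bitmap |= (uint64_t)1 << (st->top - seq);
    }
}

/* Check then record, as a receiver would for an authenticated packet. */
int receive(struct replay_state *st, uint32_t seq)
{
    int ok = replay_check(st, seq);
    if (ok) replay_update(st, seq);
    return ok;
}

int main(void)
{
    struct replay_state st = {0, 0};
    uint32_t seqs[] = {1, 2, 5, 4, 2, 100, 30, 100};  /* constructed input */
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u: %s\n", (unsigned)seqs[i], receive(&st, seqs[i]) ? "accept" : "drop");
    return 0;
}
```

Without the check in `replay_check`, the second arrival of sequence numbers 2 and 100 in the constructed input would be processed again, which is the behaviour the advisory describes.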

References

CVE Name: CVE-2019-5613
FreeBSD Advisory: SA-20:02.ipsec