Vulnerability Description
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 5.3 |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
- http://secunia.com/advisories/16244/ (Patch, Vendor Advisory)
- http://securitytracker.com/id?1014586
- http://www.securityfocus.com/bid/14394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21551
FAQ
What is CVE-2005-2359?
CVE-2005-2359 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator,...
How severe is CVE-2005-2359?
CVE-2005-2359 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2359?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD FreeBSD.