Description
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
References (6)
Core 6
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4224
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5304
Various Sources x_refsource_confirm
http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/259598
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8416.php
Scores
EPSS
0.0074
EPSS Percentile
73.2%
Details
Status
published
Products (9)
freebsd/freebsd
4.2
freebsd/freebsd
4.3
freebsd/freebsd
4.4
freebsd/freebsd
4.5
netbsd/netbsd
1.5
netbsd/netbsd
1.5.1
netbsd/netbsd
1.5.2
openbsd/openbsd
2.6
openbsd/openbsd
2.7
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026