[Openswan Users] FW: NISCC Vulnerability Advisory IPSEC - 004033

Paul Wouters paul at xelerance.com
Tue May 10 01:13:35 CEST 2005


On Mon, 9 May 2005, Ryley Breiddal wrote:

> I received the vulnerability notice below from bugtraq, among other sources.
> I was curious if anyone can decipher whether Openswan is exposed to the flaw
> in default/normal configurations.  The notice makes reference to "integrity
> protection" within ESP (as opposed to via AH).  Would the "integrity
> protection" be in using MD5/SHA-1 for ESP?  If so, would that mean that most
> Openswan tunnels are not vulnerable?

I have not read the full advisory yet, but I can give some preliminary comments.

>> Abstract: Three attacks that apply to certain configurations of IPsec
>> have been identified. These configurations use Encapsulating Security
>> Payload (ESP) in tunnel mode with confidentiality only, or with

All normal configurations should always be using both confidentiality and 
authentication.

>> integrity protection being provided by a higher layer protocol. Some
>> configurations using AH to provide integrity protection are also
>> vulnerable.

AH is not really used at all. In fact, we recommend people still use ESP
(and not AH or ESP NULL) even if they trust the encryption in other layers
(e.g. WEP or WPA), which they should not.

Perhaps Michael can give a more detailed answer,

Paul
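
A configuration audit following the advice in the reply above (ESP with both confidentiality and authentication; no AH, no ESP NULL), as an added example that is not part of the original post and is not Openswan code. It assumes a simplified reading of ipsec.conf `conn` sections and of the `esp=` and `auth=` keywords; the sample configuration and the list of hash names are constructed for illustration.

```python
import re

# Constructed sample ipsec.conf fragment (not from the post).
SAMPLE_CONF = """\
conn good
    esp=aes128-sha1
conn enc-only
    esp=3des
conn ah-only
    auth=ah
conn null-cipher
    esp=null-sha1
"""
INTEGRITY = re.compile(r"^(md5|sha1|sha2|sha256|sha384|sha512)", re.I)  # assumed names

def parse_conns(text):
    """Return {conn name: {key: value}} from a simplified ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def audit(text):
    """Flag conns using AH, ESP NULL, or an esp= proposal with no hash.
    Conns without an explicit esp= are left to the daemon's defaults."""
    findings = {}
    for name, opts in parse_conns(text).items():
        issues = []
        if opts.get("auth", "esp").lower() == "ah":
            issues.append("auth=ah")
        for prop in filter(None, (p.strip() for p in opts.get("esp", "").split(","))):
            parts = prop.split(";")[0].lower().split("-")
            if parts[0] == "null":
                issues.append(f"ESP NULL: {prop}")
            if not any(INTEGRITY.match(p) for p in parts[1:]):
                issues.append(f"no integrity algorithm: {prop}")
        if issues:
            findings[name] = issues
    return findings
```
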

