Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 10, 2005
Not Affected
Check Point products are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 17, 2005
Affected
Cisco is vulnerable to the attacks described against IPSec in tunnel mode without authentication configured. Configuring authentication in addition to confidentiality on IPSec tunnels will prohibit the attack, and has been a recommended Cisco best practice. For Cisco's SAFE Blueprint for IPSec VPNs, consult the following link: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801dca2d.shtml Questions can be addressed to psirt@cisco.com.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 13, 2005
Not Affected
F5's BIG-IP and TrafficShield products do not support IPSec so are not vulnerable. FirePass supports IPSec as an optional service for securing back-end connections. FirePass supports only restricted configurations which enable both confidentiality and integrity/authentication, so FirePass is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 10, 2005
Not Affected
The AIX Operating System is not vulnerable to the issues described in NISCC advisory 004033 or CERT Vulnerability Note VU#302220. IBM recommends that IPSec be configured with AH support. IPSec will be configured with AH support if it is configured via SMIT or WebSM. It is possible to configure IPSec without AH support using the gentun command. However, even if IPSec is configured without AH support, AIX is not affected by the vulnerabilities described by NISCC advisory 004033. Future versions of the gentun command will remove the possibility for system administrators to configure IPSec without AH support.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 13, 2005
Unknown
Juniper Networks acknowledges that there exists a vulnerability in the IPSec protocol that can be activated through unconventional configuration on M/T/J/E-series routers and ScreenOS based firewalls. Such insecure, vulnerability-enabling configurations are not recommended and are not part of Juniper's default configurations.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 10, 2005
Not Affected
The netfilter/iptables project does not implement IPsec and is therefore not affected.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 10, 2005
Not Affected
Nortel has published Security Advisory Bulletin No 2005005827 on this issue; the bulletin may be found at http://nortel.com/securityadvisories
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 13, 2005 Updated: May 13, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 10, 2005
Not Affected
Wind River's IPSec offerings (Wind Net IPSec and IKE 1.x, Wind Net IPSec and IKE 2.x, and Wind River IPSec and IKE 3.x) are not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: May 09, 2005 Updated: May 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.