What is the severity of CVE-2006-0905?

CVE-2006-0905 has a moderate severity level due to its potential to allow attackers to capture IPSec packets.

How do I fix CVE-2006-0905?

To address CVE-2006-0905, users should upgrade to the latest stable versions of FreeBSD or NetBSD that contain the security fixes.

Which systems are affected by CVE-2006-0905?

CVE-2006-0905 affects FreeBSD versions 4.8-RELEASE through 6.1-STABLE and NetBSD versions 2 through 3.

What attack vector does CVE-2006-0905 exploit?

CVE-2006-0905 exploits a programming error that allows packets to bypass sequence number checks in IPSec.

Are there any known exploits for CVE-2006-0905?

Yes, there are known exploits for CVE-2006-0905 that enable remote attackers to capture sensitive IPSec packets.

Vulnerability/
CVE-2006-0905

high

7.5

CWE

NVD-CWE-Other

23/3/2006

7/8/2024

CVE-2006-0905

First published: Thu Mar 23 2006(Updated: )

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=4.8-release_p7
FreeBSD FreeBSD	=5.4-releng
FreeBSD FreeBSD	=5.3-release
FreeBSD FreeBSD	=5.1-releng
FreeBSD FreeBSD	=5.3
FreeBSD FreeBSD	=5.1-release_p5
FreeBSD FreeBSD	=5.2.1-releng
FreeBSD FreeBSD	=5.0-release_p14
FreeBSD FreeBSD	=5.1-release
FreeBSD FreeBSD	=5.0-releng
FreeBSD FreeBSD	=5.1-alpha
FreeBSD FreeBSD	=4.10-releng
FreeBSD FreeBSD	=4.11-releng
FreeBSD FreeBSD	=4.10-release
FreeBSD FreeBSD	=4.9-releng
FreeBSD FreeBSD	=5.1
FreeBSD FreeBSD	=4.9-pre-release
FreeBSD FreeBSD	=4.8-pre-release
FreeBSD FreeBSD	=5.4-stable
FreeBSD FreeBSD	=5.2
FreeBSD FreeBSD	=4.11-release_p3
FreeBSD FreeBSD	=4.10-release_p8
FreeBSD FreeBSD	=4.8
FreeBSD FreeBSD	=5.4-pre-release
FreeBSD FreeBSD	=6.0-release
FreeBSD FreeBSD	=4.10
FreeBSD FreeBSD	=5.4-release
FreeBSD FreeBSD	=5.0-alpha
NetBSD NetBSD	=3.0
FreeBSD FreeBSD	=5.2.1-release
FreeBSD FreeBSD	=4.8-releng
FreeBSD FreeBSD	=5.0
NetBSD NetBSD	=2.0
FreeBSD FreeBSD	=6.0-stable
FreeBSD FreeBSD	=5.3-stable
FreeBSD FreeBSD	=4.9
FreeBSD FreeBSD	=5.3-releng
FreeBSD FreeBSD	=4.11-stable

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0905?
CVE-2006-0905 has a moderate severity level due to its potential to allow attackers to capture IPSec packets.
How do I fix CVE-2006-0905?
To address CVE-2006-0905, users should upgrade to the latest stable versions of FreeBSD or NetBSD that contain the security fixes.
Which systems are affected by CVE-2006-0905?
CVE-2006-0905 affects FreeBSD versions 4.8-RELEASE through 6.1-STABLE and NetBSD versions 2 through 3.
What attack vector does CVE-2006-0905 exploit?
CVE-2006-0905 exploits a programming error that allows packets to bypass sequence number checks in IPSec.
Are there any known exploits for CVE-2006-0905?
Yes, there are known exploits for CVE-2006-0905 that enable remote attackers to capture sensitive IPSec packets.

agent/type
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/remedy
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/source
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/4.8-release_p7
version/freebsd freebsd/5.4-releng
version/freebsd freebsd/5.3-release
version/freebsd freebsd/5.1-releng
version/freebsd freebsd/5.3
version/freebsd freebsd/5.1-release_p5
version/freebsd freebsd/5.2.1-releng
version/freebsd freebsd/5.0-release_p14
version/freebsd freebsd/5.1-release
version/freebsd freebsd/5.0-releng
version/freebsd freebsd/5.1-alpha
version/freebsd freebsd/4.10-releng
version/freebsd freebsd/4.11-releng
version/freebsd freebsd/4.10-release
version/freebsd freebsd/4.9-releng
version/freebsd freebsd/5.1
version/freebsd freebsd/4.9-pre-release
version/freebsd freebsd/4.8-pre-release
version/freebsd freebsd/5.4-stable
version/freebsd freebsd/5.2
version/freebsd freebsd/4.11-release_p3
version/freebsd freebsd/4.10-release_p8
version/freebsd freebsd/4.8
version/freebsd freebsd/5.4-pre-release
version/freebsd freebsd/6.0-release
version/freebsd freebsd/4.10
version/freebsd freebsd/5.4-release
version/freebsd freebsd/5.0-alpha
vendor/netbsd
canonical/netbsd netbsd
version/netbsd netbsd/3.0
version/freebsd freebsd/5.2.1-release
version/freebsd freebsd/4.8-releng
version/freebsd freebsd/5.0
version/netbsd netbsd/2.0
version/freebsd freebsd/6.0-stable
version/freebsd freebsd/5.3-stable
version/freebsd freebsd/4.9
version/freebsd freebsd/5.3-releng
version/freebsd freebsd/4.11-stable

CVE-2006-0905

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0905?

How do I fix CVE-2006-0905?

Which systems are affected by CVE-2006-0905?

What attack vector does CVE-2006-0905 exploit?

Are there any known exploits for CVE-2006-0905?

Company

Resources

Contact