--- Begin Message ---"Three may keep a secret, if two of them are dead" Benjamin Franklin (1706-1790), US scientist and politician.- Serious vulnerability in IPSec - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, May 10 2005 - The National Infrastructure Security Co-ordination Centre (NISCC) in the UK has published a security warning (available at http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en) about the discovery of three attacks that could affect certain IPSec configurations. The vulnerabilities published by the NISCC are in IPSec configurations using Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only. The problem can also arise when the integrity protection is provided by a higher-level protocol or when AH (Authentication Header) is used to provide integrity protection. The problem could allow an attacker to obtain access plain text versions of communication protected by IPSec without too much effort, for this reason the vulnerability is considered high risk. The recommended solution involves configuring ESP in IPSec with simultaneous integrity and confidentiality protection. In any event, the developers of the affected solutions are expected to release patches in the short-term to correct the problem. NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Sober.V; 2)Netsky.P; 3)Mhtredir.gen; 4)Qhost.AF; 5)Shinwow.E. ------------------------------------------------------------ To unsubscribe from Oxygen3 24h-365d, please visit: http://www.pandasoftware.com/unsubscribe.asp To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------
--- End Message ---
