FreeBSD : FreeBSD -- Missing IPsec anti-replay window check (5797c807-4279-11ea-b184-f8b156ac3ff9)

High Nessus Plugin ID 133709

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. Impact : The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?0eca2786

Plugin Details

Severity: High

ID: 133709

File Name: freebsd_pkg_5797c807427911eab184f8b156ac3ff9.nasl

Version: 1.1

Type: local

Published: 2020/02/14

Updated: 2020/02/14

Dependencies: 12634

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 2020/01/29

Vulnerability Publication Date: 2020/01/28

Reference Information

CVE: CVE-2019-5613

FreeBSD: SA-20:02.ipsec