Kame-Derived Stack Non-ESP IPV4...

Published: 2002-03-04
Revised: 2025-04-13

KAME is a freely available, open source IPv6 and IPsec implementation. It is distributed and maintained by the KAME Project. Under some circumstances, KAME does not adhere to the RFC-specified protocol, which creates a situation that could have security implications. When an IPv4 network uses Encapsulating Security Payload (ESP) between a system and router endpoints, with non-ESP traffic blocked at the Security Gateway (SG), non-ESP IPv4 traffic sent to the SG is nevertheless forwarded by the SG. This could allow an attacker with arbitrary access to the network to pass traffic out of the network via the SG. Note that traffic through the SG for the arbitrary host would be blocked, as the router implementation handles this traffic type correctly.

No exploit or PoC is currently available.
There are currently 0 affected product entries.