CVE-2006-4436
Description
OpenBSD isakmpd sets a zero-size anti-replay window when acting as responder, allowing IPSec replay attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In OpenBSD 3.8, 3.9, and possibly earlier versions, the Internet Security Association and Key Management Protocol daemon (isakmpd) creates Security Associations (SAs) with a replay window of size 0 when it acts as the responder during SA negotiation [1][3]. This flaw means that no anti-replay state is maintained for the IPSec traffic protected by such SAs. The vulnerable versions are explicitly listed in the OpenBSD 3.8 erratum [3].
Exploitation
An attacker who can observe legitimate IPSec-encrypted packets between two endpoints using an SA negotiated by the vulnerable isakmpd can capture and later replay those packets. The attacker requires network access to the communication path (i.e., they must be able to intercept and inject network traffic). No authentication or user interaction is needed; the only prerequisite is a network position that allows man-in-the-middle interception or packet sniffing. Because the replay window is zero, the receiving end accepts any replayed packet without detecting the duplication.
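The effect of a zero-size window on the receiver, as an added example: a simplified model of a sliding-window anti-replay check in the style of RFC 4303, not OpenBSD's or isakmpd's code. The struct, the function names and the packet sequence are constructed for illustration, and the model assumes, as the text above states, that a window of 0 means no replay state is kept.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified receiver-side SA state (constructed model, not OpenBSD's own struct). */
struct sa {
    uint32_t window;   /* anti-replay window size in packets, 0..64 */
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint64_t bitmap;   /* bit i set => (last_seq - i) was already seen */
};

/* Returns 1 to accept the packet, 0 to drop it as a replay or as too old. */
int replay_check(struct sa *sa, uint32_t seq)
{
    if (sa->window == 0)        /* the flawed case: no state, nothing is checked */
        return 1;
    if (seq == 0)
        return 0;               /* sequence number 0 is never valid on the wire */
    if (seq > sa->last_seq) {   /* new highest: slide the window forward */
        uint32_t shift = seq - sa->last_seq;
        sa->bitmap = (shift < 64) ? (sa->bitmap << shift) | 1 : 1;
        sa->last_seq = seq;
        return 1;
    }
    uint32_t off = sa->last_seq - seq;
    if (off >= sa->window || off >= 64)
        return 0;               /* fell off the left edge of the window */
    if (sa->bitmap & (1ULL << off))
        return 0;               /* already seen: replay */
    sa->bitmap |= 1ULL << off;
    return 1;
}

/* Feed a constructed capture (five distinct packets, three re-sent) and
 * count how many the receiver accepts for a given window size. */
int accepted_count(uint32_t window)
{
    static const uint32_t capture[] = { 1, 2, 3, 2, 5, 4, 5, 1 };
    struct sa sa = { window, 0, 0 };
    int n = 0;
    for (size_t i = 0; i < sizeof capture / sizeof capture[0]; i++)
        n += replay_check(&sa, capture[i]);
    return n;
}

int main(void)
{
    printf("window=64: %d of 8 accepted\n", accepted_count(64));
    printf("window=0:  %d of 8 accepted\n", accepted_count(0));
    return 0;
}
```

With a 64-packet window the three re-sent packets are dropped while the out-of-order packet 4 is still accepted; with a window of 0 every packet, including the duplicates, is accepted.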
Impact
Successful exploitation allows a remote attacker to bypass IPSec replay protection [2]. The attacker can replay captured IPSec packets, potentially causing unintended actions in the receiving system (e.g., delivering duplicated commands, data, or triggering repeat of a protected transaction). The impact is limited to loss of integrity / non-replay assurance; the attacker cannot decrypt the traffic or obtain the original plaintext.
Mitigation
OpenBSD released a patch for isakmpd as part of the 3.8 and 3.9 errata [3][4]. Systems should be updated to the latest patched version of OpenBSD (for 3.8, apply the patch referenced in the erratum; for 3.9, a similar patch is available). No workaround is documented; upgrading is the recommended action.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4
Patches
0
No patches discovered yet.
References
9
- secunia.com/advisories/21652 (nvd, Patch, Vendor Advisory)
- securitytracker.com/id (nvd, Patch)
- www.securityfocus.com/bid/19712 (nvd, Patch)
- secunia.com/advisories/21905 (nvd)
- www.debian.org/security/2006/dsa-1175 (nvd)
- www.openbsd.org/errata.html (nvd)
- www.openbsd.org/errata38.html (nvd)
- www.osvdb.org/28194 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/28645 (nvd)