FreeBSD Security Advisory (FreeBSD-SA-06:11.ipsec.asc)

Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:11.ipsec.asc
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:11.ipsec.asc
Insight
IPsec is a set of protocols, including ESP (Encapsulating Security Payload) and AH (Authentication Header), that provide security services for IP datagrams. ESP protects IP payloads from wire-tapping by encrypting them using secret key cryptography algorithms. AH guarantees the integrity of IP packets and protects them from intermediate alteration or impersonation by attaching a cryptographic checksum computed using one-way hash functions. IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fast_ipsec(4) implementation results in the sequence number associated with a Security Association not being updated, allowing packets to unconditionally pass sequence number verification checks.