NetBSD IPsec-AH AES-XCBC-MAC Fixed Key Calculation Weakness

2005-10-31T00:00:00
ID OSVDB:20727
Type osvdb
Reporter Suzuki Shinsuike(), Yukiyo Akisada()
Modified 2005-10-31T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a malicious attacker to bypass IP Security (IPsec). The issue is triggered when a machine using IPsec with AH and the AES-XCBC-MAC algorithm incorrectly uses a fixed key instead of the provided one. It is possible that the flaw may allow the acceptance of forged packets, resulting in a loss of integrity.

Solution Description

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

NetBSD contains a flaw that may allow a malicious attacker to bypass IP Security (IPsec). The issue is triggered when a machine using IPsec with AH and the AES-XCBC-MAC algorithm incorrectly uses a fixed key instead of the provided one. It is possible that the flaw may allow the acceptance of forged packets, resulting in a loss of integrity.

References:

Vendor URL: http://www.netbsd.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015132 Related OSVDB ID: 20725 Related OSVDB ID: 20728 Related OSVDB ID: 20731 Related OSVDB ID: 20726 Related OSVDB ID: 20729 Related OSVDB ID: 20730 Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en Keyword: NetBSD Security Advisory 2005-007