Secunia Security Advisory - Yukiyo Akisada has reported a security issue in FreeBSD, which potentially can be exploited by malicious people to bypass certain security restrictions.
----------------------------------------------------------------------
TITLE:
FreeBSD IPsec AES-XCBC-MAC Authentication Security Issue
SECUNIA ADVISORY ID:
SA16244
VERIFY ADVISORY:
http://secunia.com/advisories/16244/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
FreeBSD 5.x
http://secunia.com/product/1132/
DESCRIPTION:
Yukiyo Akisada has reported a security issue in FreeBSD, which
potentially can be exploited by malicious people to bypass certain
security restrictions.
The problem is caused by an implementation error in IPsec within
the AES-XCBC-MAC authentication algorithm, which causes a constant
key to be used for authentication instead of the
administrator-defined key. This can potentially be exploited to spoof
authentication packets from other IP addresses and bypass any IP-based
access controls on the vulnerable system.
Successful exploitation requires encryption to be disabled.
The security issue has been reported in versions 5.3 and 5.4.
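Added example (not part of the Secunia or FreeBSD advisory): a shell check that lists the SA definitions in a setkey(8) configuration which authenticate with aes-xcbc-mac and apply no encryption, the combination the description above names. It assumes every statement ends in `;` and that key strings contain no `#` or `;`; the sample entries, addresses and keys are constructed.

```shell
#!/bin/sh
# Added example: flag setkey(8) "add" statements that authenticate with
# aes-xcbc-mac and apply no encryption (AH, or ESP with -E null / no -E).
# Assumption: statements end in ';' and keys contain no '#' or ';'.

audit_sa() {
    # Drop comments, join continuation lines, then one statement per line.
    sed 's/#.*//' | tr '\n' ' ' | tr ';' '\n' | awk '
    $1 == "add" {
        o = ($2 ~ /^-[46n]+$/) ? 1 : 0      # optional -4/-6/-n after "add"
        src = $(2 + o); dst = $(3 + o); proto = $(4 + o); spi = $(5 + o)
        ealgo = ""; aalgo = ""
        for (i = 6 + o; i < NF; i++) {
            if ($i == "-E") ealgo = $(i + 1)
            if ($i == "-A") aalgo = $(i + 1)
        }
        if (aalgo != "aes-xcbc-mac") next   # other MACs are out of scope
        if (proto ~ /^ah/ || ealgo == "" || ealgo == "null")
            status = "EXPOSED"              # authentication only
        else
            status = "ENCRYPTED"            # same MAC, payload encrypted
        printf "%s %s -> %s %s spi=%s\n", status, src, dst, proto, spi
    }'
}

# Constructed sample configuration (documentation addresses, dummy keys).
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from any real host
add 192.0.2.1 192.0.2.2 ah 0x1000 -A aes-xcbc-mac "0123456789abcdef";
add 192.0.2.1 192.0.2.2 esp 0x1001 -E null
    -A aes-xcbc-mac "0123456789abcdef";
add 192.0.2.1 192.0.2.3 esp 0x1002 -E rijndael-cbc "0123456789abcdef"
    -A aes-xcbc-mac "fedcba9876543210";
add 192.0.2.1 192.0.2.4 esp 0x1003 -E 3des-cbc "0123456789abcdef01234567"
    -A hmac-sha1 "01234567890123456789";
EOF
}

sample_conf | audit_sa
```

To audit a real host, pipe the file loaded with `setkey -f` into `audit_sa`; entries marked EXPOSED are the ones to prioritise for the update listed under SOLUTION.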
SOLUTION:
Update FreeBSD or apply patch.
Fixed versions:
2005-07-27 08:41:44 UTC (RELENG_6, 6.0-BETA2)
2005-07-27 08:41:56 UTC (RELENG_5, 5.4-STABLE)
2005-07-27 08:42:16 UTC (RELENG_5_4, 5.4-RELEASE-p6)
2005-07-27 08:42:38 UTC (RELENG_5_3, 5.3-RELEASE-p20)
Patch for FreeBSD 5.x:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch.asc
PROVIDED AND/OR DISCOVERED BY:
Yukiyo Akisada, Yokogawa Electric Corporation.
ORIGINAL ADVISORY:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
----------------------------------------------------------------------