FreeBSD AES-XCBC-MAC algorithm security bypass

freebsd-aesxcbcmac-security-bypass (21551) The risk level is classified as HighHigh Risk

Description:

FreeBSD could allow a remote attacker to bypass security restrictions caused by a programming error in the implementation of the AES-XCBC-MAC algorithm used for authentication. If the AES-XCBC-MAC algorithm is used without any encryption, a remote attacker could forge packets to appear as if the packets orginated from a different system to establish an IPsec session. This would allow the attacker to gain unauthorized access to sensitive information or possibly gain elevated privileges on the system.


Consequences:

Bypass Security

Remedy:

For FreeBSD:
Upgrade to the latest version of FreeBSD (5-STABLE or to RELENG_5_4, RELENG_5_3 security branch dated later than 2005-07-27), as listed in FreeBSD Security Advisory FreeBSD-SA-05:19. See References.

— OR —

Apply the appropriate patch for your system, as listed in the FreeBSD Security Advisory FreeBSD-SA-05:19. See References.

References:

  • FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec: Incorrect key usage in AES-XCBC-MAC.
  • BID-14394: BSD IPsec Session AES-XCBC-MAC Authentication Constant Key Usage Vulnerability
  • CVE-2005-2359: The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
  • SA16244: FreeBSD IPsec AES-XCBC-MAC Authentication Security Issue
  • SECTRACK ID: 1014586: FreeBSD Bug in IPSec AES-XCBC-MAC Algorithm May Cause the Incorrect Key to Be Used

Platforms Affected:

  • FreeBSD FreeBSD 5.3
  • FreeBSD FreeBSD 5.4

Reported:

Jul 27, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page