FreeBSD-SA-05:19.ipsec "Incorrect key usage in AES-XCBC-MAC"

A security advisory has been issued by The FreeBSD Project. Its key points are summarized below.

  • (not yet written)

The security advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc.
Below is a portion of the above security advisory together with its translation. The quality of the translation is not guaranteed.

I. Background

IPsec is a security protocol for the Internet Protocol networking layer. It provides a combination of encryption and authentication of systems, using several possible cryptography algorithms.

II. Problem Description

A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.

III. Impact

If the AES-XCBC-MAC algorithm is used for authentication in the absence of any encryption, then an attacker may be able to forge packets which appear to originate from a different system and thereby succeed in establishing an IPsec session. If access to sensitive information or systems is controlled based on the identity of the source system, this may result in information disclosure or privilege escalation.
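To make the defect and its consequence concrete, here is an added example in Go, written for this page and not taken from the advisory or from the FreeBSD source. It implements AES-XCBC-MAC-96 as specified in RFC 3566, next to a deliberately broken variant that accepts the administrator's key and then authenticates with a fixed key anyway, which is how the advisory describes the bug. The fixed key value, the SA key and the payload are constructed placeholders (the real constant in the FreeBSD code is not reproduced here), and the broken function models the advisory's description rather than the kernel code. The point it shows: a sender who knows only the constant can compute an ICV that the vulnerable receiver accepts, while a receiver that really uses the configured key rejects the same packet.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// HardcodedKey stands in for the constant key the advisory describes. It is a
// placeholder chosen for this example, not the value in the FreeBSD code.
var HardcodedKey = bytes.Repeat([]byte{0xAB}, aes.BlockSize)

// xorInto XORs src into dst in place; both slices are one AES block long.
func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// AESXCBCMAC returns the full 128-bit AES-XCBC-MAC of msg under key (RFC 3566).
func AESXCBCMAC(key, msg []byte) ([]byte, error) {
	kc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	// Section 4: K1, K2, K3 are AES_key(0x01^16), AES_key(0x02^16), AES_key(0x03^16).
	sub := make([][]byte, 3)
	for i := range sub {
		sub[i] = make([]byte, aes.BlockSize)
		kc.Encrypt(sub[i], bytes.Repeat([]byte{byte(i + 1)}, aes.BlockSize))
	}
	k1, k2, k3 := sub[0], sub[1], sub[2]
	c, _ := aes.NewCipher(k1) // k1 is exactly 16 bytes, so this cannot fail

	n := (len(msg) + aes.BlockSize - 1) / aes.BlockSize // block count
	if n == 0 {
		n = 1 // an empty message is processed as one all-padding block
	}
	e := make([]byte, aes.BlockSize) // E[0] = 0^128
	for i := 0; i < n-1; i++ {
		xorInto(e, msg[i*aes.BlockSize:(i+1)*aes.BlockSize])
		c.Encrypt(e, e)
	}
	last := msg[(n-1)*aes.BlockSize:]
	final := make([]byte, aes.BlockSize)
	copy(final, last)
	if len(last) == aes.BlockSize {
		xorInto(final, k2) // complete final block mixes in K2
	} else {
		final[len(last)] = 0x80 // pad with a single 1 bit, then zeros
		xorInto(final, k3)      // partial final block mixes in K3
	}
	xorInto(e, final)
	c.Encrypt(e, e)
	return e, nil
}

// AESXCBCMAC96 truncates the MAC to 96 bits, the ICV length used in AH and ESP.
func AESXCBCMAC96(key, msg []byte) ([]byte, error) {
	mac, err := AESXCBCMAC(key, msg)
	if err != nil {
		return nil, err
	}
	return mac[:12], nil
}

// BrokenAESXCBCMAC96 models the advisory's defect: the administrator's key is
// accepted but never used, so every SA is authenticated with HardcodedKey.
func BrokenAESXCBCMAC96(configuredKey, msg []byte) ([]byte, error) {
	_ = configuredKey // ignored: this is the bug
	return AESXCBCMAC96(HardcodedKey, msg)
}

// VerifyAESXCBCMAC96 is the corrected receiver check: the real key is used
// and the ICV is compared in constant time.
func VerifyAESXCBCMAC96(key, msg, icv []byte) bool {
	expected, err := AESXCBCMAC96(key, msg)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(expected, icv) == 1
}

func main() {
	saKey, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // constructed SA key
	payload := []byte("constructed AH-protected datagram")

	// The attacker knows HardcodedKey (it is in every affected kernel) but not saKey.
	forgedICV, _ := AESXCBCMAC96(HardcodedKey, payload)

	// Vulnerable receiver: its check also ignores saKey, so the forgery verifies.
	brokenICV, _ := BrokenAESXCBCMAC96(saKey, payload)
	fmt.Println("vulnerable receiver accepts forgery:", bytes.Equal(brokenICV, forgedICV))

	// Corrected receiver: saKey is actually used, so the forgery is rejected.
	fmt.Println("fixed receiver accepts forgery:", VerifyAESXCBCMAC96(saKey, payload, forgedICV))
}
```

Run it with `go run`; the first line prints `true` and the second `false`. When adapting this for real use, check the implementation against the test vectors in RFC 3566 section 4 (for the key `000102...0e0f` and an empty message the full MAC is `75f0251d528ac01c4573dfd584d79f29`), since the subkey derivation and the K2/K3 choice on the final block are exactly where hand-written implementations go wrong.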

IV. Workaround

Do not use the AES-XCBC-MAC algorithm for authentication, or use it together with some form of IPsec encryption.
Systems which do not use IPsec, use other algorithms, or have IPsec encryption enabled are unaffected by this issue.
