BSD IPsec Session AES-XCBC-MAC Authentication Constant Key Usage Vulnerability

BSD IPsec Session AES-XCBC-MAC Authentication Constant Key Usage Vulnerability

Solution:
FreeBSD advisory FreeBSD-SA-05:19.ipsec is available to address this issue. Please see the referenced advisory for more information.

Patches are available for FreeBSD 5.3 and 5.4.

A patch is available for NetBSD 2.x versions from the KAME Project.

NetBSD NetBSD 2.0

KAME ah_aesxcbcmac.c.diff
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ah_aesxcbcm ac.c.diff?r1=1.7&r2=1.8

NetBSD NetBSD 2.0.1

KAME ah_aesxcbcmac.c.diff
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ah_aesxcbcm ac.c.diff?r1=1.7&r2=1.8

NetBSD NetBSD 2.0.2

KAME ah_aesxcbcmac.c.diff
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ah_aesxcbcm ac.c.diff?r1=1.7&r2=1.8

FreeBSD FreeBSD 5.3 -RELENG

FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch

FreeBSD FreeBSD 5.4 -RELENG

FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch