FreeBSD : tarsnap -- cryptographic nonce reuse (2c2d4e83-2370-11e0-a91b-00e0815b8da8)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Colin Percival reports :

In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is
not incremented after each chunk is encrypted. (The CTR counter is
correctly incremented after each 16 bytes of data was processed, but
this counter is reset to zero for each new chunk.)

Note that since the Tarsnap client-server protocol is encrypted, being
able to intercept Tarsnap client-server traffic does not provide an
attacker with access to the data.
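The condition described above, as an added example that is not Tarsnap's code or part of the original advisory: a toy CTR construction in which the per-chunk nonce is either left unchanged (the reported bug) or incremented (the fix), plus a check that flags nonce values used for more than one chunk. The SHA-256 keystream function, the 8-byte nonce and counter layout, the key and the sample chunks are all assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # the CTR counter advances once per 16 bytes, as in the advisory

def keystream_block(key: bytes, nonce: int, counter: int) -> bytes:
    # Assumption: SHA-256 stands in for the block cipher so the example has no
    # dependencies; the layout nonce || counter is also illustrative.
    data = key + nonce.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return hashlib.sha256(data).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    # The counter restarts at zero for every chunk, so the nonce is the only
    # thing that can make one chunk's keystream differ from another's.
    out = bytearray()
    for counter, off in enumerate(range(0, len(data), BLOCK)):
        out += xor(data[off:off + BLOCK], keystream_block(key, nonce, counter))
    return bytes(out)

def encrypt_chunks(key, chunks, increment_nonce):
    # increment_nonce=False reproduces the reported behaviour.
    nonce, out = 0, []
    for chunk in chunks:
        out.append((nonce, ctr_xor(key, nonce, chunk)))
        if increment_nonce:
            nonce += 1
    return out

def reused_nonces(encrypted):
    # Defensive check: every chunk under one key must have a distinct nonce.
    seen, dup = set(), set()
    for nonce, _ in encrypted:
        (dup if nonce in seen else seen).add(nonce)
    return sorted(dup)

# Constructed sample key and chunks
KEY = bytes(range(32))
CHUNKS = [b"constructed sample chunk number one.....",
          b"constructed sample chunk number two.....",
          b"a third constructed chunk of sample data"]

if __name__ == "__main__":
    for label, inc in (("nonce not incremented", False), ("nonce incremented", True)):
        enc = encrypt_chunks(KEY, CHUNKS, inc)
        same = xor(enc[0][1], enc[1][1]) == xor(CHUNKS[0], CHUNKS[1])
        print(label, "| reused nonces:", reused_nonces(enc), "| c1^c2 == p1^p2:", same)
```

With the nonce left unchanged, every chunk is encrypted under the same keystream, so the XOR of two ciphertexts equals the XOR of the two plaintexts.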

See also :

http://www.nessus.org/u?63ccf431
http://www.nessus.org/u?03774b6f

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51567

Bugtraq ID:

CVE ID: