FreeBSD : tarsnap -- cryptographic nonce reuse (2c2d4e83-2370-11e0-a91b-00e0815b8da8)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Colin Percival reports :

In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is
not incremented after each chunk is encrypted. (The CTR counter is
correctly incremented after each 16 bytes of data was processed, but
this counter is reset to zero for each new chunk.)

Note that since the Tarsnap client-server protocol is encrypted, being
able to intercept Tarsnap client-server traffic does not provide an
attacker with access to the data.
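The nonce handling described in the report above, shown as an added example (not Tarsnap's code and not part of the advisory): with the counter reset to zero per chunk and the nonce left unchanged, every chunk is XORed with the same keystream. The 64-bit nonce plus 64-bit counter layout, the HMAC-SHA256 stand-in for the block cipher, and all names and sample chunks are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes of keystream per counter value, as in the report

def keystream_block(key: bytes, nonce: int, counter: int) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the block
    # cipher so the example needs only the standard library.
    msg = nonce.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """CTR encrypt/decrypt one chunk; the counter starts at zero per chunk."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, i // BLOCK)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def encrypt_chunks(key: bytes, chunks, increment_nonce: bool):
    """increment_nonce=False models the flaw; True models the corrected behaviour."""
    nonce, out = 0, []
    for chunk in chunks:
        out.append(ctr_xor(key, nonce, chunk))
        if increment_nonce:
            nonce += 1  # a fresh nonce per chunk gives a fresh keystream
    return out

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reused(key: bytes, chunks, increment_nonce: bool) -> bool:
    """True when c0 XOR c1 == p0 XOR p1, i.e. both chunks shared a keystream."""
    c = encrypt_chunks(key, chunks, increment_nonce)
    return xor(c[0], c[1]) == xor(chunks[0], chunks[1])

KEY = b"constructed-demo-key"  # constructed sample key
CHUNKS = [b"constructed chunk number one....", b"a different second chunk payload"]

if __name__ == "__main__":
    print("nonce not incremented:", keystream_reused(KEY, CHUNKS, False))
    print("nonce incremented    :", keystream_reused(KEY, CHUNKS, True))
```

A check in the style of `keystream_reused` works as a regression test for any chunked CTR encryption routine.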

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51567

Bugtraq ID:

