[Bug 225066] CVE CVE-2016-10396 security/ipsec-tools
bugzilla-noreply at freebsd.org
Thu Jan 11 09:08:48 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225066
Bug ID: 225066
Summary: CVE CVE-2016-10396 security/ipsec-tools
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: w.schwarzenfeld at utanet.at
I am not sure, so I post it here.
Found this:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-10396
Code:
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP
fragments. The implementation permits a remote attacker to exhaust
computational resources on the remote endpoint by repeatedly sending
ISAKMP fragment packets in a particular order such that the worst-case
computational complexity is realized in the algorithm utilized to
determine if reassembly of the fragments can take place.
Found nothing about this here
https://vuxml.freebsd.org/freebsd/index-cve.html
NetBSD seems to have a patch
http://cvsweb.netbsd.org/bsdweb.cgi.../racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
and a correction of the patch
http://gnats.netbsd.org/51682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2016-10396
Sent a mail to the maintainer and ports-secteam at FreeBSD.org
--
You are receiving this mail because:
You are the assignee for the bug.
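
The quoted CVE text describes a reassembly check whose cost depends on the order in which fragments arrive. The sketch below is an added example, not code from IPsec-Tools, the NetBSD patch, or the report above: it shows fragment bookkeeping that costs constant time per packet, rejects duplicates, and caps buffered data. It assumes a one-byte fragment index numbered from 1 and a flag marking the last fragment; `frag_state`, `frag_add`, `frag_free` and both limits are hypothetical names and values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FRAG_MAX_INDEX 255     /* assumption: 1-byte fragment index, numbered from 1 */
#define FRAG_MAX_BYTES 65535u  /* assumption: cap on bytes buffered per message */

enum frag_rc { FRAG_REJECT = -1, FRAG_MORE = 0, FRAG_COMPLETE = 1 };
struct frag_state {            /* hypothetical reassembly state for one message */
    uint8_t *data[FRAG_MAX_INDEX + 1];
    uint16_t len[FRAG_MAX_INDEX + 1];
    unsigned received;         /* distinct fragments stored */
    unsigned highest;          /* highest index stored so far */
    unsigned last;             /* index flagged "last fragment", 0 = not seen */
    size_t total;              /* bytes buffered */
};

/* Store one fragment in constant time. Slots are indexed directly, so the
 * order in which fragments arrive cannot change the cost per packet. */
enum frag_rc frag_add(struct frag_state *st, unsigned index, int is_last,
                      const uint8_t *buf, uint16_t n)
{
    if (index == 0 || index > FRAG_MAX_INDEX || n == 0)
        return FRAG_REJECT;                   /* out of range or empty */
    if (st->data[index] != NULL)
        return FRAG_REJECT;                   /* duplicate index */
    if (st->last != 0 && (is_last || index > st->last))
        return FRAG_REJECT;                   /* contradicts the known last fragment */
    if (is_last && st->highest > index)
        return FRAG_REJECT;                   /* "last" below an index already held */
    if (st->total + n > FRAG_MAX_BYTES || (st->data[index] = malloc(n)) == NULL)
        return FRAG_REJECT;                   /* over budget or out of memory */
    memcpy(st->data[index], buf, n);
    st->len[index] = n;
    st->total += n;
    st->received++;
    if (index > st->highest) st->highest = index;
    if (is_last) st->last = index;
    /* All stored indexes are distinct and <= last, so a counter decides completeness. */
    return (st->last != 0 && st->received == st->last) ? FRAG_COMPLETE : FRAG_MORE;
}

/* Release every buffered fragment and return the state to empty. */
void frag_free(struct frag_state *st)
{
    for (unsigned i = 1; i <= FRAG_MAX_INDEX; i++)
        free(st->data[i]);
    memset(st, 0, sizeof *st);
}
```

A caller zero-initialises one `frag_state` per in-flight message and calls `frag_free` on completion, rejection or timeout.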