Site Navigation

Date:      Sun, 15 Apr 2018 08:52:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 225066] CVE-2016-10396 security/ipsec-tools
Message-ID:  <bug-225066-7501-DD1pBBarYG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-225066-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-225066-7501@https.bugs.freebsd.org/bugzilla/>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225066

--- Comment #4 from commit-hook@freebsd.org ---
A commit references this bug:

Author: eugen
Date: Sun Apr 15 08:51:12 UTC 2018
New revision: 467375
URL: https://svnweb.freebsd.org/changeset/ports/467375

Log:
  MFH: r467313

  security/ipsec-tools: fix CVE-2016-10396

  The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
  computational-complexity attack when parsing and storing ISAKMP fragments.
  The implementation permits a remote attacker to exhaust computational
  resources on the remote endpoint by repeatedly sending ISAKMP fragment
  packets in a particular order such that the worst-case computational
  complexity is realized in the algorithm utilized to determine
  if reassembly of the fragments can take place.

  The fix obtained from NetBSD CVS head with a command:

  cvs diff -D 2017-01-24 -D 2017-09-01 \
        src/racoon/handler.h \
        src/racoon/isakmp.c \
        src/racoon/isakmp_frag.c \
        src/racoon/isakmp_inf.c

  While here, add LICENSE.

  PR:           225066
  Approved by:  ports-secteam (riggs)
  Obtained from:        NetBSD
  Security:     CVE-2016-10396
  Security:=20=20=20=20
https://www.vuxml.org/freebsd/974a6d32-3fda-11e8-aea4-001b216d295b.html

Changes:
_U  branches/2018Q2/
  branches/2018Q2/security/ipsec-tools/Makefile
  branches/2018Q2/security/ipsec-tools/files/patch-handler.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp_frag.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp_inf.c

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225066-7501-DD1pBBarYG>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact