Date: Thu, 11 Jan 2018 09:08:47 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 225066] CVE CVE-2016-10396 securtiy/ipsec-tools Message-ID: <bug-225066-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225066 Bug ID: 225066 Summary: CVE CVE-2016-10396 securtiy/ipsec-tools Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: w.schwarzenfeld@utanet.at I am not sure, so I post it here. Found this: https://bugzilla.redhat.com/show_bug.cgi?id=3DCVE-2016-10396 Code: The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. Found nothing about this here https://vuxml.freebsd.org/freebsd/index-cve.html NetBsd seems to have a patch =20=20=20 http://cvsweb.netbsd.org/bsdweb.cgi.../racoon/isakmp_frag.c.diff?r1=3D1.5&r= 2=3D1.5.36.1 and a correction of the patch http://gnats.netbsd.org/51682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2016-10396 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=3DCVE-2016-10396 sent a mail to the maintainer and ports-secteam@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225066-13>