[Bug 225066] CVE-2016-10396 security/ipsec-tools
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Apr 15 08:52:15 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225066
--- Comment #4 from commit-hook at freebsd.org ---
A commit references this bug:
Author: eugen
Date: Sun Apr 15 08:51:12 UTC 2018
New revision: 467375
URL: https://svnweb.freebsd.org/changeset/ports/467375
Log:
MFH: r467313
security/ipsec-tools: fix CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.
The fix obtained from NetBSD CVS head with a command:
cvs diff -D 2017-01-24 -D 2017-09-01 \
src/racoon/handler.h \
src/racoon/isakmp.c \
src/racoon/isakmp_frag.c \
src/racoon/isakmp_inf.c
While here, add LICENSE.
PR: 225066
Approved by: ports-secteam (riggs)
Obtained from: NetBSD
Security: CVE-2016-10396
Security:
https://www.vuxml.org/freebsd/974a6d32-3fda-11e8-aea4-001b216d295b.html
Changes:
_U branches/2018Q2/
branches/2018Q2/security/ipsec-tools/Makefile
branches/2018Q2/security/ipsec-tools/files/patch-handler.c
branches/2018Q2/security/ipsec-tools/files/patch-isakmp.c
branches/2018Q2/security/ipsec-tools/files/patch-isakmp_frag.c
branches/2018Q2/security/ipsec-tools/files/patch-isakmp_inf.c
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-net
mailing list