FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ipsec-tools -- remotely exploitable computational-complexity attack

Affected packages
ipsec-tools < 0.8.2_3

Details

VuXML ID 974a6d32-3fda-11e8-aea4-001b216d295b
Discovery 2016-12-02
Entry 2018-04-14

Robert Foggia via NetBSD GNATS reports:

The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending isakmp fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.

[source]

References

CVE Name CVE-2016-10396
URL https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.