| Field | Value |
|---|---|
| Summary | <net-misc/libreswan-3.17: DoS amplification attack (CVE-2016-5361) |
| Product | Gentoo Security |
| Reporter | Agostino Sarubbo <ago> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | floppym |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html |
| Whiteboard | B3 [noglsa cve] |
| Package list | |
| Runtime testing required | --- |
Description
Agostino Sarubbo
2016-06-10 12:52:19 UTC
Seems like a pretty minor issue, but we can stabilize it anyway. amd64 stable @x86, ping. x86 stable. Maintainer(s), please clean up.

CVE-2016-5361 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5361): programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

GLSA Vote: No