HomeFreeBSD
Diffusion FreeBSD ports repository rP467313

security/ipsec-tools: fix CVE-2016-10396
rP467313
Actions

Description

security/ipsec-tools: fix CVE-2016-10396

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.

The fix obtained from NetBSD CVS head with a command:

cvs diff -D 2017-01-24 -D 2017-09-01 \
src/racoon/handler.h \
src/racoon/isakmp.c \
src/racoon/isakmp_frag.c \
src/racoon/isakmp_inf.c

While here, add LICENSE.

PR: 225066
Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months)
Obtained from: NetBSD
MFH: 2018Q1
Security: CVE-2016-10396

Details

Provenance
eugenAuthored on
Parents
rP467312: Add a port of IOWOW, persistent and fast key-value database engine based
Branches
Unknown
Tags
Unknown

Changes (5)

PathSize
head/
security/
ipsec-tools/
files/

rP467313

View Options

head/security/ipsec-tools/Makefile

Loading...
View Options

head/security/ipsec-tools/files/patch-handler.c

Loading...
View Options

head/security/ipsec-tools/files/patch-isakmp.c

Loading...
View Options

head/security/ipsec-tools/files/patch-isakmp_frag.c

Loading...
View Options

head/security/ipsec-tools/files/patch-isakmp_inf.c

Loading...