oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack

From: cve-assign () mitre org
Date: Mon, 13 Jun 2016 10:40:48 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Its not libreswan which is flawed, but its the protocol which they are
trying to implement.



which implement IKEv1 are flawed, since they follow this protocol


Many protocols could be described as "flawed." The IKEv1 protocol
amplification concern does not make it flawed in a way that would lead
to a per-protocol CVE ID assignment. We are maintaining the
CVE-2016-5361 ID assignment for the upstream announcement of
"libreswan 3.16 vulnerable to DDOS attack. Please upgrade to 3.17" and
accompanying upstream patch, as described in the
http://www.openwall.com/lists/oss-security/2016/06/10/4 post.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXXsVfAAoJEHb/MwWLVhi2VBIQAJJwLfi5H3I6QQsHWYDakEyg
uhTJOcJJShpTe0UEmUQ/KS16lM7WjcmhmbH7xdB5+yQe9qVK4V78QsmdeGve5gs+
cFSot1v8KNfsZN51B28GVFh1n4TFrDoWPH0AU45zs1/4ryEnYoiz5ckvJjr/qCKd
LiT3GInHiLeUFlpsQ8CbHuonC6lVdkm9tzuSGW00zRuS7wnOD/oanYAOb2s7Mk6K
BkpaTJ4cg/+x1ATvIrD4B8pqAZaBcLJ4CbzIX7iafqt5fi+TOT/1G1AFXO11KHRl
SMES3LYhgWDdXgszgewsHDefG24gx0F72GNvC/wsEcqyJOesW40IwaMDhj12bEJz
DQ05IoYik7/2+5iPwBEJFXf5fAZ78ZlVX/dnW2cvpiTIoUcAfv3iKlmfiNF8fCLq
fQcmZ9EC8BiKVOBXL2a4vbNLeqJhuXCrEhCEt6q43jnV/9qqMkAK5g7HdXeNvTWd
r+TJk7ngGHigYxyMErxpGRjEDEgwusBf8o9WzvMe7JHoEdlaf6Hcczcol8pauDcy
2FAjTg+TzNV3P1LrE2Kjulovz1ApnWKlyMqqG0HCQho2bSzmhQK+HmdK6BmNs/qe
WZXhJt+hr1E0IZjwiuGegGYOMecxFXATj4HjRS1qslO1dPftos0hb4xK3J3yoQMR
T5uAdnR5YRNTB5E/seg0
=XtKp
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: