kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/ipsec-tools
History
Eugene Grosbein 4e95cbb248 security/ipsec-tools: fix CVE-2016-10396 
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.

The fix obtained from NetBSD CVS head with a command:

cvs diff -D 2017-01-24 -D 2017-09-01 \
	src/racoon/handler.h \
	src/racoon/isakmp.c \
	src/racoon/isakmp_frag.c \
	src/racoon/isakmp_inf.c

While here, add LICENSE.

PR:		225066
Approved by:	VANHULLEBUS Yvan (maintainer timeout, 3 months)
Obtained from:	NetBSD
MFH:		2018Q1
Security:	CVE-2016-10396
2018-04-14 12:07:58 +00:00
..
files security/ipsec-tools: fix CVE-2016-10396 2018-04-14 12:07:58 +00:00
distinfo
Makefile security/ipsec-tools: fix CVE-2016-10396 2018-04-14 12:07:58 +00:00
pkg-descr
pkg-plist