FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ipsec-tools -- remotely exploitable computational-complexity attack

Affected packages
ipsec-tools < 0.8.2_3


VuXML ID 974a6d32-3fda-11e8-aea4-001b216d295b
Discovery 2016-12-02
Entry 2018-04-14

Robert Foggia via NetBSD GNATS reports:

The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending isakmp fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.


CVE Name CVE-2016-10396