QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5361

Published: Jun 16, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[swan-dev] 20160313 Proposal: Do not retransmit IKEv1 reply for initial responder states

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6

x_refsource_CONFIRM

[oss-security] 20160610 Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.