CVE-2016-10396

Published: 06/07/2017 Updated: 27/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote malicious user to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.

Vulnerable Product

ipsec-tools ipsec-tools 0.8.2

Vendor Advisories

Debian Bug report logs - #867986: CVE-2016-10396. Package: racoon; Maintainer for racoon is ipsec-tools packagers <team+ipsec-tools@tracker.debian.org>; Source for racoon is src:ipsec-tools. Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 10 Jul 2017 21:21:02 UTC; Severity: grave; Tags: ...
ipsec-tools could be made to crash if it received specially crafted network traffic ...
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computat ...