CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5361 – IKEv1 protocol is vulnerable to DoS amplification attack
https://notcve.org/view.php?id=CVE-2016-5361
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. programs/pluto/ikev1.c en libreswan en versiones anteriores a 3.17 retransmite en estados inicial-respuesta, lo que permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de un paquete UDP suplantado. NOTA: el comportamiento original cumple con el protocolo IKEv1, pero tiene una actualización de seguridad requerida por el vendedor de libreswan; a partir de 2016-06-10, se espera que otras varias implementaciones IKEv1 tengan actualizaciones de seguridad requeridas por el vendedor, con separadas CVEs IDs asignadas a cada una. A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server. • http://rhn.redhat.com/errata/RHSA-2016-2603.html http://www.openwall.com/lists/oss-security/2016/06/10/4 https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6 https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html https://access.redhat.com/security/cve/CVE-2016-5361 https://bugzilla.redhat.com/show_bug.cgi?id=1308508 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2015-3204 – libreswan: crafted IKE packet causes daemon restart
https://notcve.org/view.php?id=CVE-2015-3204
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. libreswan 3.9 hasta 3.12 permite a atacantes remotos causar una denegación de servicio (reinicio de demonio) a través de un paquete IKEv1 con (1) bits no asignados configurados en el valor IPSEC DOI o (2) el valor del próxima carga útil configurado en ISAKMP_NEXT_SAK. A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash). • http://rhn.redhat.com/errata/RHSA-2015-1154.html http://www.securityfocus.com/bid/75392 https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt https://security.gentoo.org/glsa/201603-13 https://access.redhat.com/security/cve/CVE-2015-3204 https://bugzilla.redhat.com/show_bug.cgi?id=1223361 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •