Bug 225066

Summary: CVE-2016-10396 security/ipsec-tools
Product: Ports & Packages Reporter: Walter Schwarzenfeld <w.schwarzenfeld>
Component: Individual Port(s)Assignee: Eugene Grosbein <eugen>
Status: Closed FIXED    
Severity: Affects Only Me CC: eugen, net, pi, ports-secteam
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description Walter Schwarzenfeld 2018-01-11 09:08:47 UTC 
I am not sure, so I post it here.
    Found this:
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-10396
    Code:

    The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
    computational-complexity attack when parsing and storing ISAKMP
    fragments. The implementation permits a remote attacker to exhaust
    computational resources on the remote endpoint by repeatedly sending
    ISAKMP fragment packets in a particular order such that the worst-case
    computational complexity is realized in the algorithm utilized to
    determine if reassembly of the fragments can take place.



    Found nothing about this here
    https://vuxml.freebsd.org/freebsd/index-cve.html

    NetBsd seems to have a patch
    http://cvsweb.netbsd.org/bsdweb.cgi.../racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
    and a correction of the patch
    http://gnats.netbsd.org/51682

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
    https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2016-10396

sent a mail to the maintainer and ports-secteam@FreeBSD.org
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-04-14 12:05:19 UTC 
A commit references this bug:

Author: eugen
Date: Sat Apr 14 12:04:55 UTC 2018
New revision: 467311
URL: https://svnweb.freebsd.org/changeset/ports/467311

Log:
  ipsec-tools: document remotely exploitable computational-complexity attack.

  PR:		225066
  Security:	CVE-2016-10396

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-04-14 12:08:28 UTC 
A commit references this bug:

Author: eugen
Date: Sat Apr 14 12:07:59 UTC 2018
New revision: 467313
URL: https://svnweb.freebsd.org/changeset/ports/467313

Log:
  security/ipsec-tools: fix CVE-2016-10396

  The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
  computational-complexity attack when parsing and storing ISAKMP fragments.
  The implementation permits a remote attacker to exhaust computational
  resources on the remote endpoint by repeatedly sending ISAKMP fragment
  packets in a particular order such that the worst-case computational
  complexity is realized in the algorithm utilized to determine
  if reassembly of the fragments can take place.

  The fix obtained from NetBSD CVS head with a command:

  cvs diff -D 2017-01-24 -D 2017-09-01 \
  	src/racoon/handler.h \
  	src/racoon/isakmp.c \
  	src/racoon/isakmp_frag.c \
  	src/racoon/isakmp_inf.c

  While here, add LICENSE.

  PR:		225066
  Approved by:	VANHULLEBUS Yvan (maintainer timeout, 3 months)
  Obtained from:	NetBSD
  MFH:		2018Q1
  Security:	CVE-2016-10396

Changes:
  head/security/ipsec-tools/Makefile
  head/security/ipsec-tools/files/patch-handler.c
  head/security/ipsec-tools/files/patch-isakmp.c
  head/security/ipsec-tools/files/patch-isakmp_frag.c
  head/security/ipsec-tools/files/patch-isakmp_inf.c
Comment 3 Eugene Grosbein freebsd_committer freebsd_triage 2018-04-14 12:22:42 UTC 
Fixed, thank you for the report.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-04-15 08:52:12 UTC 
A commit references this bug:

Author: eugen
Date: Sun Apr 15 08:51:12 UTC 2018
New revision: 467375
URL: https://svnweb.freebsd.org/changeset/ports/467375

Log:
  MFH: r467313

  security/ipsec-tools: fix CVE-2016-10396

  The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
  computational-complexity attack when parsing and storing ISAKMP fragments.
  The implementation permits a remote attacker to exhaust computational
  resources on the remote endpoint by repeatedly sending ISAKMP fragment
  packets in a particular order such that the worst-case computational
  complexity is realized in the algorithm utilized to determine
  if reassembly of the fragments can take place.

  The fix obtained from NetBSD CVS head with a command:

  cvs diff -D 2017-01-24 -D 2017-09-01 \
  	src/racoon/handler.h \
  	src/racoon/isakmp.c \
  	src/racoon/isakmp_frag.c \
  	src/racoon/isakmp_inf.c

  While here, add LICENSE.

  PR:		225066
  Approved by:	ports-secteam (riggs)
  Obtained from:	NetBSD
  Security:	CVE-2016-10396
  Security:	https://www.vuxml.org/freebsd/974a6d32-3fda-11e8-aea4-001b216d295b.html

Changes:
_U  branches/2018Q2/
  branches/2018Q2/security/ipsec-tools/Makefile
  branches/2018Q2/security/ipsec-tools/files/patch-handler.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp_frag.c
  branches/2018Q2/security/ipsec-tools/files/patch-isakmp_inf.c