CVE-2016-5361 - OpenCVE

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libreswan	Libreswan
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
libreswan-0:3.15-8.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2603	2016-11-03T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2016-2603.html
http://www.openwall.com/lists/oss-security/2016/06/10/4
https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6
https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html
https://nvd.nist.gov/vuln/detail/CVE-2016-5361
https://www.cve.org/CVERecord?id=CVE-2016-5361

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-16T14:00:00

Updated: 2024-08-06T01:01:00.153Z

Reserved: 2016-06-09T00:00:00

Link: CVE-2016-5361

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-06-16T14:59:51.890

Modified: 2017-01-18T02:59:07.907

Link: CVE-2016-5361

Redhat

Severity : Moderate

Publid Date: 2016-03-14T00:00:00Z

Links: CVE-2016-5361 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-12T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[swan-dev] 20160313 Proposal: Do not retransmit IKEv1 reply for initial responder states", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html"}, {"name": "RHSA-2016:2603", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2603.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6"}, {"name": "[oss-security] 20160610 Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[swan-dev] 20160313 Proposal: Do not retransmit IKEv1 reply for initial responder states", "refsource": "MLIST", "url": "https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html"}, {"name": "RHSA-2016:2603", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2603.html"}, {"name": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6", "refsource": "CONFIRM", "url": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6"}, {"name": "[oss-security] 20160610 Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/10/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:01:00.153Z"}, "title": "CVE Program Container", "references": [{"name": "[swan-dev] 20160313 Proposal: Do not retransmit IKEv1 reply for initial responder states", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html"}, {"name": "RHSA-2016:2603", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2603.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6"}, {"name": "[oss-security] 20160610 Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/4"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5361", "datePublished": "2016-06-16T14:00:00", "dateReserved": "2016-06-09T00:00:00", "dateUpdated": "2024-08-06T01:01:00.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF60B77-0610-4B1F-A8B0-012DC533C144", "versionEndIncluding": "3.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each."}, {"lang": "es", "value": "programs/pluto/ikev1.c en libreswan en versiones anteriores a 3.17 retransmite en estados inicial-respuesta, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n de tr\u00e1fico) a trav\u00e9s de un paquete UDP suplantado. NOTA: el comportamiento original cumple con el protocolo IKEv1, pero tiene una actualizaci\u00f3n de seguridad requerida por el vendedor de libreswan; a partir de 2016-06-10, se espera que otras varias implementaciones IKEv1 tengan actualizaciones de seguridad requeridas por el vendedor, con separadas CVEs IDs asignadas a cada una."}], "id": "CVE-2016-5361", "lastModified": "2017-01-18T02:59:07.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-16T14:59:51.890", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2603.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/06/10/4"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6"}, {"source": "cve@mitre.org", "url": "https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2603", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreswan-0:3.15-8.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "IKEv1 protocol is vulnerable to DoS amplification attack", "id": "1308508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308508"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.", "A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server."], "name": "CVE-2016-5361", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ipsec-tools", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openswan", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openswan", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2016-03-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5361\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5361"], "statement": "This is a protocol flaw which affects IKEv1. All complaint implementations are therefore affected by this flaw. Red Hat Product Security team, does not consider IKEv2 to be affected. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2", "threat_severity": "Moderate", "upstream_fix": "libreswan 3.17"}