programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-06-16T14:00:00
Updated: 2024-08-06T01:01:00.153Z
Reserved: 2016-06-09T00:00:00
Link: CVE-2016-5361
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-06-16T14:59:51.890
Modified: 2017-01-18T02:59:07.907
Link: CVE-2016-5361
Redhat