Date: Mon, 13 Jun 2016 10:40:48 -0400 (EDT)
From: cve-assign@...re.org
To: huzaifas@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack

> It's not libreswan which is flawed, but it's the protocol which they are
> trying to implement.

> which implement IKEv1 are flawed, since they follow this protocol

Many protocols could be described as "flawed." The IKEv1 protocol
amplification concern does not make it flawed in a way that would lead
to a per-protocol CVE ID assignment. We are maintaining the
CVE-2016-5361 ID assignment for the upstream announcement of
"libreswan 3.16 vulnerable to DDOS attack. Please upgrade to 3.17" and
accompanying upstream patch, as described in the
http://www.openwall.com/lists/oss-security/2016/06/10/4 post.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
