Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jun 2016 10:32:01 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com,
        Mitre CVE assign department <cve-assign@...re.org>
Subject: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack

Hi,

I would like to request a CVE for the protocol flaw in IKEv1, details below:

https://www.kb.cert.org/vuls/id/419128
https://blogs.akamai.com/2016/02/ikeikev2-ripe-for-ddos-abuse.html

While the reporter says that IKEv1 and IKEv2 both are affected, we have
reasons to believe that IKEv2 may not be affected:

https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2

Can a CVE id be please assigned to this?

Thanks!


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.