The racoon daemon in IPsec-Tools 0.8.2 is vulnerable to a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. A remote attacker can exhaust computational resources on the endpoint by repeatedly sending ISAKMP fragment packets in a particular order, so that the algorithm used to determine whether the fragments can be reassembled reaches its worst-case computational complexity.
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
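As an added illustration of the mitigation side (not racoon's code and not the upstream or a distribution fix), the following C example tracks fragment arrival with a bitmap and a counter, so the "can reassembly start?" decision costs the same whatever order the fragments arrive in. The 8-bit index numbered from 1, the last-fragment flag bit, and all names are assumptions; payload storage is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAG_MAX  255   /* assumption: 8-bit fragment index, numbered from 1 */
#define FRAG_LAST 0x01  /* assumption: flag bit marking the final fragment */

enum frag_result { FRAG_REJECT = -1, FRAG_PENDING = 0, FRAG_COMPLETE = 1 };

struct frag_state {
    uint8_t  seen[(FRAG_MAX + 8) / 8]; /* bitmap of indices already stored */
    unsigned count;                    /* distinct fragments stored so far */
    unsigned highest;                  /* largest index stored so far */
    unsigned last;                     /* index that carried FRAG_LAST, 0 = none yet */
};

/* Record one fragment header. Work per packet is constant: the stored
 * fragments are never walked to decide whether reassembly can start. */
enum frag_result frag_accept(struct frag_state *st, uint8_t index, uint8_t flags)
{
    if (index == 0 || (st->seen[index / 8] & (1u << (index % 8))))
        return FRAG_REJECT;                 /* invalid index or duplicate */
    if (st->last != 0 && index > st->last)
        return FRAG_REJECT;                 /* past the declared final fragment */
    if (flags & FRAG_LAST) {
        if (st->last != 0 || index < st->highest)
            return FRAG_REJECT;             /* second "last", or contradicts stored data */
        st->last = index;
    }
    st->seen[index / 8] |= (uint8_t)(1u << (index % 8));
    st->count++;
    if (index > st->highest)
        st->highest = index;
    /* Indices are distinct and all lie in 1..last, so count == last means none is missing. */
    return (st->last != 0 && st->count == st->last) ? FRAG_COMPLETE : FRAG_PENDING;
}

/* Constructed driver: feed header indices in arrival order; `last` carries FRAG_LAST. */
int frag_feed(const uint8_t *order, size_t n, uint8_t last)
{
    struct frag_state st;
    enum frag_result r = FRAG_PENDING;

    memset(&st, 0, sizeof st);
    for (size_t i = 0; i < n && r == FRAG_PENDING; i++)
        r = frag_accept(&st, order[i], order[i] == last ? FRAG_LAST : 0);
    return r;
}
```

Because the index space is capped at `FRAG_MAX` and duplicates are rejected, the state per exchange is fixed in size as well as constant in time per packet.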
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ipsec-tools | Ipsec-tools | 0.8.2 (including) | 0.8.2 (including) |
| Ipsec-tools | Ubuntu | artful | * |
| Ipsec-tools | Ubuntu | bionic | * |
| Ipsec-tools | Ubuntu | cosmic | * |
| Ipsec-tools | Ubuntu | disco | * |
| Ipsec-tools | Ubuntu | esm-apps/bionic | * |
| Ipsec-tools | Ubuntu | esm-apps/xenial | * |
| Ipsec-tools | Ubuntu | trusty | * |
| Ipsec-tools | Ubuntu | xenial | * |
| Ipsec-tools | Ubuntu | yakkety | * |
| Ipsec-tools | Ubuntu | zesty | * |