CVE Vulnerabilities

CVE-2016-10396

Inefficient Algorithmic Complexity

Published: Jul 06, 2017 | Modified: Jul 27, 2017
CVSS 3.x: 7.5 HIGH (Source: NVD), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2:
RedHat/V3: 7.5 MODERATE, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

The racoon daemon in IPsec-Tools 0.8.2 is vulnerable to a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. A remote attacker can exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order, so that the algorithm used to determine whether the fragments can be reassembled reaches its worst-case computational complexity.

Weakness

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Affected Software

Name         Vendor       Start Version       End Version
Ipsec-tools  Ipsec-tools  0.8.2 (including)   0.8.2 (including)
Ipsec-tools  Ubuntu       artful              *
Ipsec-tools  Ubuntu       bionic              *
Ipsec-tools  Ubuntu       cosmic              *
Ipsec-tools  Ubuntu       disco               *
Ipsec-tools  Ubuntu       esm-apps/xenial     *
Ipsec-tools  Ubuntu       trusty              *
Ipsec-tools  Ubuntu       xenial              *
Ipsec-tools  Ubuntu       yakkety             *
Ipsec-tools  Ubuntu       zesty               *
