Back to bug 1308508
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-02-15 12:32:52 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-15 12:32:52 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-02-15 12:41:59 UTC | Blocks | 1308512 | |
| Tomas Hoger | 2016-02-16 09:17:11 UTC | Whiteboard | impact=moderate,public=no,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-7/libreswan=new,fedora-all/libreswan=affected | impact=moderate,public=no,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=new,rhel-6/openswan=new,rhel-6/libreswan=new,rhel-7/libreswan=new,fedora-all/libreswan=affected |
| Paul Wouters | 2016-02-16 21:16:09 UTC | CC | mrogers | |
| Huzaifa S. Sidhpurwala | 2016-03-14 06:36:05 UTC | Whiteboard | impact=moderate,public=no,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=new,rhel-6/openswan=new,rhel-6/libreswan=new,rhel-7/libreswan=new,fedora-all/libreswan=affected | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=notaffected,rhel-6/openswan=notaffected,rhel-6/libreswan=notaffected,rhel-7/libreswan=notaffected,fedora-all/libreswan=notaffected |
| Huzaifa S. Sidhpurwala | 2016-03-14 06:39:07 UTC | Status | NEW | CLOSED |
| | | Group | security, qe_staff | |
| | | Resolution | --- | NOTABUG |
| | | Summary | EMBARGOED libreswan: IKE/IKEv2 protocol is vulnerable to DoS amplification attack | libreswan: IKE/IKEv2 protocol is vulnerable to DoS amplification attack |
| | | Last Closed | 2016-03-14 02:39:07 UTC | |
| Paul Wouters | 2016-03-14 11:05:33 UTC | Status | CLOSED | ASSIGNED |
| | | Resolution | NOTABUG | --- |
| | | Keywords | Reopened | |
| Huzaifa S. Sidhpurwala | 2016-06-10 04:46:47 UTC | Whiteboard | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=notaffected,rhel-6/openswan=notaffected,rhel-6/libreswan=notaffected,rhel-7/libreswan=notaffected,fedora-all/libreswan=notaffected | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=wontfix,rhel-6/openswan=wontfix,rhel-6/libreswan=wontfix,rhel-7/libreswan=affected,fedora-all/libreswan=affected |
| Huzaifa S. Sidhpurwala | 2016-06-10 04:50:36 UTC | Depends On | 1344566 | |
| Huzaifa S. Sidhpurwala | 2016-06-10 04:51:07 UTC | Depends On | 1344567 | |
| Huzaifa S. Sidhpurwala | 2016-06-10 04:56:00 UTC | Blocks | 1323912 | |
| Paul Wouters | 2016-06-10 13:28:47 UTC | Summary | libreswan: IKE/IKEv2 protocol is vulnerable to DoS amplification attack | libreswan: IKEv1 protocol is vulnerable to DoS amplification attack |
| Tomas Hoger | 2016-06-10 13:37:06 UTC | Fixed In Version | libreswan 3.17 | |
| Andrej Nemec | 2016-06-10 14:04:52 UTC | Alias | CVE-2016-5361 | |
| Andrej Nemec | 2016-06-10 14:04:58 UTC | Summary | libreswan: IKEv1 protocol is vulnerable to DoS amplification attack | CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack |
| Tuomo Soini | 2016-06-10 15:11:03 UTC | CC | tis | |
| Huzaifa S. Sidhpurwala | 2016-06-13 04:19:28 UTC | Summary | CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack | CVE-2016-5361 IKEv1 protocol is vulnerable to DoS amplification attack |
| | | Whiteboard | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=wontfix,rhel-6/openswan=wontfix,rhel-6/libreswan=wontfix,rhel-7/libreswan=affected,fedora-all/libreswan=affected | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=wontfix,rhel-6/openswan=wontfix,rhel-6/libreswan=wontfix,rhel-7/libreswan=affected,fedora-all/libreswan=affected,rhel-5/ipsec-tools=wontfix,fedora-all/ipsec-tools=affected,epel-7/ipsec-tools=affected, epel-6/racoon2=affected,epel-7/racoon2=affected,fedora-all/racoon2=affected,epel-6/strongswan=affected,epel-7/strongswan=affected,fedora-all/strongswan=affected,epel-5/ike=wontfix,epel-7/ike=affected,fedora-all/ike=affected,epel-5/vpnc=wontfix,epel-6/vpnc=affected,epel-7/vpnc=affected,fedora-all/vpnc=affected |
| Huzaifa S. Sidhpurwala | 2016-08-22 05:56:08 UTC | Doc Text | A traffic amplification flaw was found in the Internet Key Exchange protocol. A remote attacker could use this flaw to cause denial of service via a spoofed UDP packet. Note: This is a protocol flaw which affects IKEv1. All complaint implementations are therefore affected by this flaw. Libreswan implements a workaround in their code to mitigate this issue. | |
| Huzaifa S. Sidhpurwala | 2016-08-23 06:39:26 UTC | Blocks | 1323912 | |
| Jaroslav Aster | 2016-09-18 22:20:43 UTC | CC | jaster | |
| Eric Christensen | 2016-10-18 16:33:08 UTC | Doc Text | A traffic amplification flaw was found in the Internet Key Exchange protocol. A remote attacker could use this flaw to cause denial of service via a spoofed UDP packet. Note: This is a protocol flaw which affects IKEv1. All complaint implementations are therefore affected by this flaw. Libreswan implements a workaround in their code to mitigate this issue. | A traffic amplification flaw was found in the Internet Key Exchange protocol. A remote attacker could use this flaw to cause denial of service via a spoofed UDP packet. |
| Tomas Hoger | 2016-10-31 08:17:55 UTC | Doc Text | A traffic amplification flaw was found in the Internet Key Exchange protocol. A remote attacker could use this flaw to cause denial of service via a spoofed UDP packet. | A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attacks against other hosts on the network by sending it UDP packets with spoofed source address. |
| Martin Prpič | 2016-10-31 14:20:16 UTC | Doc Text | A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attacks against other hosts on the network by sending it UDP packets with spoofed source address. | A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with spoofed source address to that server. |
| Martin Prpič | 2016-10-31 14:22:57 UTC | Doc Text | A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with spoofed source address to that server. | A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server. |
| Product Security DevOps Team | 2019-07-12 13:04:06 UTC | Status | ASSIGNED | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-03-14 06:39:07 UTC | 2019-07-12 13:04:06 UTC |
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=moderate,public=20160314,reported=20160212,source=upstream,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-5/openswan=wontfix,rhel-6/openswan=wontfix,rhel-6/libreswan=wontfix,rhel-7/libreswan=affected,fedora-all/libreswan=affected,rhel-5/ipsec-tools=wontfix,fedora-all/ipsec-tools=affected,epel-7/ipsec-tools=affected, epel-6/racoon2=affected,epel-7/racoon2=affected,fedora-all/racoon2=affected,epel-6/strongswan=affected,epel-7/strongswan=affected,fedora-all/strongswan=affected,epel-5/ike=wontfix,epel-7/ike=affected,fedora-all/ike=affected,epel-5/vpnc=wontfix,epel-6/vpnc=affected,epel-7/vpnc=affected,fedora-all/vpnc=affected |