# question to CVE ipsec-tools



## talsamon (Jan 11, 2018)

I am not sure, so I post it here.
Found this:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-10396

```
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP
fragments. The implementation permits a remote attacker to exhaust
computational resources on the remote endpoint by repeatedly sending
ISAKMP fragment packets in a particular order such that the worst-case
computational complexity is realized in the algorithm utilized to
determine if reassembly of the fragments can take place.
```

Found nothing about this here
https://vuxml.freebsd.org/freebsd/index-cve.html

NetBSD seems to have a patch
http://cvsweb.netbsd.org/bsdweb.cgi.../racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
and a correction of the patch
http://gnats.netbsd.org/51682

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2016-10396

If somebody confirms this is not in our vuxml-database, I will file a PR.


----------



## SirDice (Jan 11, 2018)

talsamon said:


> If somebody confirms this is not in our vuxml-database, I will file a PR.


I can't find any mention of the CVE in the commit logs for this port either. So filing the PR is the best course of action. You can also shoot off an email to ports-secteam@FreeBSD.org so they can update the VuXML.

https://www.vuxml.org/freebsd/


----------



## talsamon (Jan 11, 2018)

Thanks! PR 225066


----------
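Added example, not part of the thread: one way to script the check discussed above, searching a VuXML document for entries whose `<cvename>` matches a given CVE and listing the packages they cover. The function name `find_cve` is hypothetical and the embedded sample document is constructed (its vids, package name and CVE number are made up), so an empty result for CVE-2016-10396 here says nothing about the real database.

```python
import xml.etree.ElementTree as ET

# XML namespace used by VuXML documents.
NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Constructed sample in VuXML layout; every value in it is made up.
SAMPLE_VUXML = """
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>examplepkg -- constructed entry</topic>
    <affects>
      <package>
        <name>examplepkg</name>
        <range><lt>1.2.3</lt></range>
      </package>
    </affects>
    <references>
      <cvename>CVE-0000-00001</cvename>
    </references>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <cancelled/>
  </vuln>
</vuxml>
"""


def find_cve(vuxml_text, cve):
    """Return [(vid, topic, [package names])] for entries that reference cve."""
    root = ET.fromstring(vuxml_text)
    wanted = cve.strip().upper()
    hits = []
    for vuln in root.findall("v:vuln", NS):
        # Cancelled entries have no <references>, so this set is simply empty.
        names = {c.text.strip().upper()
                 for c in vuln.findall("v:references/v:cvename", NS) if c.text}
        if wanted in names:
            topic = vuln.findtext("v:topic", default="", namespaces=NS)
            pkgs = [n.text for n in vuln.findall("v:affects/v:package/v:name", NS)]
            hits.append((vuln.get("vid"), topic, pkgs))
    return hits


if __name__ == "__main__":
    for cve in ("CVE-0000-00001", "CVE-2016-10396"):
        print(cve, "->", find_cve(SAMPLE_VUXML, cve) or "no entry in this document")
```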

