Hi Nirmoy,
On 06/17/2016 12:45 PM, Nirmoy Das wrote:
Hi
Is by any chance strongswan is affected by this recent reported
security bug, CVE-2016-5361 ?
I am not an expert in IKE/IKEv2, it seems IKE protocol is affected by it.
Ref:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5361
[...]
I gave it a quick try with IKEv1 with pluto from earlier strongswan
releases (which is no longer part of the latest strongswan releases).
Pluto seems to retransmit the initial response at least two times.
Haven't tried to get any further amplification.
IKEv1 on charon seems to not perform retransmission on the initial
response. I guess this is due to special handling of half-open IKE_SAs
in the charon implementation.
Best Regards,
Daniel
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
