[strongSwan-dev] Is strongswan is affected by CVE-2016-5361
dgollub at brocade.com
Fri Jun 17 19:46:07 CEST 2016
On 06/17/2016 12:45 PM, Nirmoy Das wrote:
> Is by any chance strongswan is affected by this recent reported
> security bug, CVE-2016-5361 ?
> I am not an expert in IKE/IKEv2, it seems IKE protocol is affected by it.
I gave it a quick try with IKEv1 with pluto from earlier strongswan
releases (which is no longer part of the latest strongswan releases).
Pluto seems to retransmit the initial response at least two times.
Haven't tried to get any further amplification.
IKEv1 on charon seems to not perform retransmission on the initial
response. I guess this is due to special handling of half-open IKE_SAs
in the charon implementation.
More information about the Dev