[strongSwan-dev] Is strongswan is affected by CVE-2016-5361

Daniel Gollub dgollub at brocade.com
Fri Jun 17 19:46:07 CEST 2016

Hi Nirmoy,

On 06/17/2016 12:45 PM, Nirmoy Das wrote:
> Hi
> Is by any chance  strongswan  is affected by this recent reported
> security bug, CVE-2016-5361 ?
> I am not an expert in IKE/IKEv2,  it seems IKE protocol is affected by it.
> Ref:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5361
> [...]

I gave it a quick try with IKEv1 with pluto from earlier strongswan 
releases (which is no longer part of the latest strongswan releases).

Pluto seems to retransmit the initial response at least two times. 
Haven't tried to get any further amplification.

IKEv1 on charon seems to not perform retransmission on the initial 
response. I guess this is due to special handling of half-open IKE_SAs 
in the charon implementation.

Best Regards,

More information about the Dev mailing list