CVE-2016-5361

Impact: Moderate
Public Date: 2016-03-14
Bugzilla: 1308508: CVE-2016-5361 IKEv1 protocol is vulnerable to DoS amplification attack

A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server.
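
An added example, not part of the Red Hat advisory: one way to check whether an IKE server is being used as a reflector is to compare, per remote peer, the bytes the server sends from its IKE ports with the bytes it receives from that peer. The flow-record layout, addresses, thresholds and function name are assumptions made for this illustration.

```python
from collections import defaultdict

IKE_PORTS = {500, 4500}   # UDP ports used by IKE (4500 is NAT traversal)
RATIO_THRESHOLD = 3.0     # assumed alert threshold, tune per site
MIN_BYTES_OUT = 1000      # assumed floor so tiny exchanges are ignored

# Constructed sample UDP flow records:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 500, "192.0.2.10", 500, 1200),  # ordinary peer sends
    ("192.0.2.10", 500, "198.51.100.7", 500, 1400),  # server replies
    ("203.0.113.9", 500, "192.0.2.10", 500, 300),    # small inbound packets
    ("192.0.2.10", 500, "203.0.113.9", 500, 2700),   # far larger outbound
    ("192.0.2.10", 443, "203.0.113.9", 443, 9000),   # not IKE, ignored
]


def ike_amplification_suspects(flows, server_ip,
                               ratio=RATIO_THRESHOLD,
                               min_out=MIN_BYTES_OUT):
    """Return {peer_ip: bytes_out / bytes_in} for peers that receive
    disproportionately more IKE traffic from server_ip than they send."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip and dport in IKE_PORTS:
            bytes_in[src] += size
        elif src == server_ip and sport in IKE_PORTS:
            bytes_out[dst] += size

    suspects = {}
    for peer, sent in bytes_out.items():
        if sent < min_out:
            continue
        received = bytes_in.get(peer, 0)
        # A peer that receives IKE traffic without sending any is flagged too.
        observed = sent / received if received else float("inf")
        if observed >= ratio:
            suspects[peer] = observed
    return suspects


if __name__ == "__main__":
    for peer, observed in ike_amplification_suspects(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"possible reflection target {peer}: out/in ratio {observed:.1f}")
```

Because the source address is spoofed, the peer flagged here is the likely victim of the reflection, not the sender of the packets.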

Find out more about CVE-2016-5361 from the MITRE CVE dictionary and NIST NVD.

Statement

This is a protocol flaw that affects IKEv1, so all compliant implementations are affected. The Red Hat Product Security team does not consider IKEv2 to be affected. For more details, refer to https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (libreswan) RHSA-2016:2603 2016-11-03

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openswan Will not fix
Red Hat Enterprise Linux 6 libreswan Will not fix
Red Hat Enterprise Linux 5 ipsec-tools Will not fix
Red Hat Enterprise Linux 5 openswan Will not fix
