SB2016050816 - IBM Flex System Chassis Management Module (CMM) update for IPsec-Tools

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016050816

SB2016050816 - IBM Flex System Chassis Management Module (CMM) update for IPsec-Tools

Published: May 8, 2016 Updated: February 21, 2025

Security Bulletin ID SB2016050816
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Input validation error (CVE-ID: CVE-2016-10396)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.


Remediation

Install update from vendor's website.

References