Bugtraq mailing list archives
Re: about zlib vulnerability
From: Paul Wouters <paul () xtdnet nl>
Date: Fri, 15 Mar 2002 01:16:41 +0100 (MET)
On Thu, 14 Mar 2002, tele wrote:
The vulnerable zlib 1.1.3 code can even be found in the freeswan 1.95 source tree and previous versions; therefore there's a potential vulnerability at kernel level. Besides, at the web site http://www.freeswan.org the problem is not properly treated.
From the Freeswan list:
Henry Spencer <henry () spsystems net> wrote:
The FreeS/WAN project classes this bug as non-critical, because an IPsec packet must pass authentication (and be successfully decrypted) before our copy of zlib is asked to decompress it, even if the configuration permits compression (which the default ones do not). This greatly limits real exposure as a result of this bug. Our next release (1.97, expected at the beginning of April) will incorporate the fix.
Paul
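
The ordering described in the quoted FreeS/WAN statement (authenticate first, decompress only afterwards), as an added example that is not part of the original post and is not FreeS/WAN code. It shows that a forged or tampered packet is rejected before zlib ever sees it, and that an authenticated payload is still inflated under an output limit. Assumptions: the framing (HMAC-SHA256 tag followed by a zlib stream) is constructed for illustration and is not the ESP/IPComp wire format, encryption is omitted, and `Receiver`, `seal` and `open_packet` are hypothetical names.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 32  # HMAC-SHA256 tag length; constructed framing, not ESP/IPComp


def seal(key, payload):
    """Sender side: compress, then authenticate the compressed bytes."""
    body = zlib.compress(payload)
    return hmac.new(key, body, hashlib.sha256).digest() + body


class Receiver:
    """Hypothetical receive path: verify the tag, then inflate with a cap."""

    def __init__(self, key, max_out=65536):
        self.key = key
        self.max_out = max_out      # upper bound on decompressed size
        self.inflate_calls = 0      # times the decompressor was reached

    def open_packet(self, pkt):
        if len(pkt) < TAG_LEN:
            raise ValueError("short packet")
        tag, body = pkt[:TAG_LEN], pkt[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; on failure the body never reaches zlib.
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("authentication failed")
        self.inflate_calls += 1
        d = zlib.decompressobj()
        out = d.decompress(body, self.max_out)
        # Leftover input or a stream that has not ended means the payload
        # is larger than the cap or truncated.
        if d.unconsumed_tail or not d.eof:
            raise ValueError("payload exceeds limit or is truncated")
        return out


if __name__ == "__main__":
    key = b"k" * 32                                  # constructed sample key
    rx = Receiver(key)
    print(rx.open_packet(seal(key, b"hello" * 3)))
    forged = b"\x00" * TAG_LEN + b"\x78\x9c" + b"\xff" * 64  # constructed
    try:
        rx.open_packet(forged)
    except PermissionError as exc:
        print("rejected:", exc, "| inflate calls:", rx.inflate_calls)
```
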