oss-sec mailing list archives
Re: ipsec-tools 0.7.2
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 4 May 2009 19:46:08 +0200
Hi Steve! On Wed, 29 Apr 2009 16:56:58 +0200 Tomas Hoger <thoger () redhat com> wrote:
http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611 http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce Upstream announcement mentions one security fix (DoS / NULL deref reported by Neil Kettle), fixed in: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?f=h#rev1.4.6.1
Can you please assign CVE to this? This crash can happen during phase1 of ISAKMP. Problem occurs when all fragments received contain no payload, only headers. Few more details in: https://bugzilla.redhat.com/show_bug.cgi?id=497990 Thank you! -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- ipsec-tools 0.7.2 Tomas Hoger (Apr 29)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 04)
- Re: ipsec-tools 0.7.2 Steven M. Christey (May 06)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 12)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 04)