oss-sec mailing list archives

Re: ipsec-tools 0.7.2


From: Tomas Hoger <thoger () redhat com>
Date: Mon, 4 May 2009 19:46:08 +0200

Hi Steve!

On Wed, 29 Apr 2009 16:56:58 +0200 Tomas Hoger <thoger () redhat com>
wrote:

http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce

Upstream announcement mentions one security fix (DoS / NULL deref
reported by Neil Kettle), fixed in:

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?f=h#rev1.4.6.1

Can you please assign a CVE to this?  This crash can happen during
phase 1 of ISAKMP.  The problem occurs when all fragments received
contain no payload, only headers.  A few more details in:
  https://bugzilla.redhat.com/show_bug.cgi?id=497990

Thank you!

-- 
Tomas Hoger / Red Hat Security Response Team
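
A simplified model of the condition described in the message above (every fragment carrying headers but no payload), added here as an example and not taken from racoon's isakmp_frag.c: the reassembler rejects zero-length fragments and a zero-length total, so the consumer never dereferences a NULL or empty buffer. The `struct frag` layout, the function names and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fragment record for this example (not racoon's structures). */
struct frag {
    const uint8_t *payload; /* bytes following the fragment header */
    size_t len;             /* payload length; 0 means header only */
};

/* Join n fragments. Returns 0 and a non-NULL *out on success, -1 otherwise. */
int reassemble(const struct frag *f, size_t n, uint8_t **out, size_t *out_len)
{
    size_t total = 0, off = 0, i;
    *out = NULL; *out_len = 0;
    for (i = 0; i < n; i++) {
        if (f[i].len == 0 || f[i].payload == NULL) /* header-only: reject */
            return -1;
        if (total > SIZE_MAX - f[i].len)           /* length sum must not wrap */
            return -1;
        total += f[i].len;
    }
    if (total == 0 || (*out = malloc(total)) == NULL) /* n == 0 or no memory */
        return -1;
    for (i = 0; i < n; i++) {
        memcpy(*out + off, f[i].payload, f[i].len);
        off += f[i].len;
    }
    *out_len = total;
    return 0;
}

/* Consumer: touches the buffer only after a successful join. */
int first_byte(const struct frag *f, size_t n)
{
    uint8_t *buf; size_t len; int b;
    if (reassemble(f, n, &buf, &len) != 0)
        return -1;
    b = buf[0]; free(buf);
    return b;
}

/* Constructed inputs: two header-only fragments, then two with payload. */
int demo_header_only(void) { struct frag f[2] = {{NULL, 0}, {NULL, 0}}; return first_byte(f, 2); }
int demo_valid(void) {
    static const uint8_t a[] = {0x05, 0x10}, b[] = {0x20};
    struct frag f[2] = {{a, sizeof a}, {b, sizeof b}}; return first_byte(f, 2);
}
int main(void) { return demo_header_only() == -1 && demo_valid() == 0x05 ? 0 : 1; }
```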

