Dailydave mailing list archives

Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months

From: Adam Shostack <adam () homeport org>
Date: Mon, 14 Nov 2005 10:27:16 -0500

Hi Paul,

In http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
there are "responses" from 3Com, Secgo, Cisco, Stonesoft Corp,
Entrust, strongSwan, IBM, TeamF1 Inc, Intoto Inc, Juniper Networks,
Microsoft, and Mitel Corporation.

I've blogged what else I could find at
http://www.emergentchaos.com/archives/001946.html 

Adam


On Mon, Nov 14, 2005 at 04:23:56PM +0100, Paul Wouters wrote:
| On Mon, 14 Nov 2005, Paul Wouters wrote:
| 
| [ my last mail on this topic ]
| 
| The test suite has been made public:
| 
| http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
| 
| It apparently has 5000 tests.
| 
| The only other vendor so far that responded (AFAIK):
| 
| Cisco Security Advisory: Multiple Vulnerabilities Found by PROTOS IPSec
| Test Suite
| 
| http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
| 
| 
| Paul

Current thread:

NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
    - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
    - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)