oss-sec mailing list archives

CVE request: strongswam denial-of-service

From: Thomas Biege <thomas () suse de>
Date: Tue, 14 Oct 2008 14:54:00 +0200

Hi,
our maintainer of strongswan found this:

See also http://download.strongswan.org/CHANGES4.txt
"[...]
strongswan-4.2.7
----------------

- Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with
  a KE payload containing zeroes only can cause a crash of the IKEv2 charon
  daemon due to a NULL pointer returned by the mpz_export() function of the
  GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs
  for making us aware of this problem.
[...]"


patch: http://trac.strongswan.org/changeset/4345Hi,




-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming

Current thread:

CVE request: strongswam denial-of-service Thomas Biege (Oct 14)
- Re: CVE request: strongswam denial-of-service Steven M. Christey (Oct 14)