oss-sec mailing list archives
CVE request: strongswam denial-of-service
From: Thomas Biege <thomas () suse de>
Date: Tue, 14 Oct 2008 14:54:00 +0200
Hi, our maintainer of strongswan found this: See also http://download.strongswan.org/CHANGES4.txt "[...] strongswan-4.2.7 ---------------- - Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with a KE payload containing zeroes only can cause a crash of the IKEv2 charon daemon due to a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs for making us aware of this problem. [...]" patch: http://trac.strongswan.org/changeset/4345Hi, -- Bye, Thomas -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Hamming's Motto: The purpose of computing is insight, not numbers. -- Richard W. Hamming
Current thread:
- CVE request: strongswam denial-of-service Thomas Biege (Oct 14)
- Re: CVE request: strongswam denial-of-service Steven M. Christey (Oct 14)