Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 30 Apr 2008 10:21:18 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: security@...nel.org
Subject: Re: security problem in ESP fragment handling?


On Wed, 30 Apr 2008, Marcus Meissner wrote:

> According to Karsten Keil just ESP fragment packets need to be accepted
> by the kernel to trigger the condition.
> We think this might be true for all 2.6 kernels (ever since esp.c got added)

Any idea what the starting version might be?

Also, you mentioned a hang, but the commit says a BUG() is generated.  is
this just based on different inputs?

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ