Date: Mon, 4 May 2009 19:46:08 +0200
From: Tomas Hoger <thoger@...hat.com>
To: coley@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: ipsec-tools 0.7.2

Hi Steve!

On Wed, 29 Apr 2009 16:56:58 +0200 Tomas Hoger <thoger@...hat.com> wrote:

> http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
> http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce
>
> Upstream announcement mentions one security fix (DoS / NULL deref
> reported by Neil Kettle), fixed in:
>
> http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?f=h#rev220.127.116.11

Can you please assign CVE to this?

This crash can happen during phase1 of ISAKMP. Problem occurs when all
fragments received contain no payload, only headers.

Few more details in:
https://bugzilla.redhat.com/show_bug.cgi?id=497990

Thank you!

-- 
Tomas Hoger / Red Hat Security Response Team