Date: Mon, 4 May 2009 19:46:08 +0200 From: Tomas Hoger <thoger@...hat.com> To: coley@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: ipsec-tools 0.7.2 Hi Steve! On Wed, 29 Apr 2009 16:56:58 +0200 Tomas Hoger <thoger@...hat.com> wrote: > http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611 > http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce > > Upstream announcement mentions one security fix (DoS / NULL deref > reported by Neil Kettle), fixed in: > > http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?f=h#rev22.214.171.124 Can you please assign CVE to this? This crash can happen during phase1 of ISAKMP. Problem occurs when all fragments received contain no payload, only headers. Few more details in: https://bugzilla.redhat.com/show_bug.cgi?id=497990 Thank you! -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ