Date: Tue, 19 May 2015 19:38:13 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com, cve-assign@...re.org
Subject: CVE Request: ipsec-tools

Hello,

Javantea reports a null pointer dereference in the ipsec-tools package on
the full-disclosure mail list:
http://seclists.org/fulldisclosure/2015/May/81

Christos Zoulas proposed a fix on the same list:
http://seclists.org/fulldisclosure/2015/May/83

--- gssapi.c    9 Sep 2006 16:22:09 -0000       1.4
+++ gssapi.c    19 May 2015 15:16:00 -0000      1.6
@@ -192,6 +192,11 @@
        gss_name_t princ, canon_princ;
        OM_uint32 maj_stat, min_stat;
 
+       if (iph1->rmconf == NULL) {
+               plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
+               return -1;
+       }
+
        gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
        if (gps == NULL) {
                plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
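Review bot: The error path added for iph1->rmconf == NULL logs only "no remote config" and names no peer, so an operator who sees this line cannot tell which remote triggered it; if the peer's address is reachable from iph1 at this point, include it in the message. Placing the check before racoon_calloc is right, since the early return -1 leaves nothing to free. The hunk guards a single site in gssapi.c, so it is worth confirming that no other function in the file reads iph1->rmconf without the same guard.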

Please allocate a CVE for this issue.

Thanks

