Date: Tue, 14 Oct 2008 14:54:00 +0200
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: CVE request: strongswan denial-of-service

Hi,
our maintainer of strongswan found this:

See also http://download.strongswan.org/CHANGES4.txt
"[...]
strongswan-4.2.7
----------------

- Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with
  a KE payload containing zeroes only can cause a crash of the IKEv2 charon
  daemon due to a NULL pointer returned by the mpz_export() function of the
  GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs
  for making us aware of this problem.
[...]"

patch: http://trac.strongswan.org/changeset/4345

--
Bye,
     Thomas
--
 Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Hamming's Motto:
  The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming
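An added example, not part of the message above and not the strongSwan patch from changeset 4345: one way a receiver can reject a KE payload of zeroes before it reaches any big-number code. It goes beyond the all-zero case and enforces the usual range 1 < y < p - 1; all names and the toy prime are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum ke_check { KE_OK, KE_EMPTY, KE_BAD_GROUP, KE_TOO_SMALL, KE_TOO_LARGE };

/* Compare two big-endian unsigned integers, ignoring leading zero octets. */
static int be_cmp(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    while (alen > 0 && *a == 0) { a++; alen--; }
    while (blen > 0 && *b == 0) { b++; blen--; }
    if (alen != blen) return alen < blen ? -1 : 1;
    return alen ? memcmp(a, b, alen) : 0;
}

/*
 * Validate a peer's DH public value y (big-endian KE payload data) against
 * the group prime p: accept only 1 < y < p - 1. An all-zero payload strips
 * to length 0 and is rejected as KE_TOO_SMALL.
 */
enum ke_check ke_check_public_value(const uint8_t *y, size_t ylen,
                                    const uint8_t *p, size_t plen)
{
    static const uint8_t one[] = { 1 };
    uint8_t pm1[1024];                      /* room for an 8192-bit prime */

    if (y == NULL || ylen == 0) return KE_EMPTY;
    if (p == NULL || plen == 0 || plen > sizeof(pm1) || !(p[plen - 1] & 1))
        return KE_BAD_GROUP;                /* missing, oversized or even p */
    if (be_cmp(y, ylen, one, sizeof(one)) <= 0) return KE_TOO_SMALL;

    memcpy(pm1, p, plen);                   /* p is odd, so p - 1 just */
    pm1[plen - 1] &= 0xFE;                  /* clears the lowest bit   */
    if (be_cmp(y, ylen, pm1, plen) >= 0) return KE_TOO_LARGE;
    return KE_OK;
}

int main(void)
{
    /* Constructed inputs: toy prime p = 23 and an all-zero KE payload. */
    const uint8_t p[] = { 0x17 }, zero_ke[8] = { 0 }, good[] = { 0x05 };
    printf("all-zero KE: %d\n", ke_check_public_value(zero_ke, sizeof zero_ke, p, sizeof p));
    printf("y = 5:       %d\n", ke_check_public_value(good, sizeof good, p, sizeof p));
    return 0;
}
```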