[Openswan dev] FreeS/WAN Information for VU#302220
D. Hugh Redelmeier
hugh at mimosa.com
Mon May 16 03:44:57 CEST 2005
According to
<http://www.kb.cert.org/vuls/id/KMIS-6CAMWT>
you don't know if FreeS/WAN is vulnerable to VU#302220, described in
<http://www.kb.cert.org/vuls/id/302220>

The FreeS/WAN project is disbanded, so there is no one to give an
authoritative answer. Openswan is a successor, starting from the
FreeS/WAN code base.

The Openswan response is:
<http://www.openswan.org/niscc/>

The code quoted from Openswan was inherited from FreeS/WAN, so
FreeS/WAN, when using IKE for keying, will not be vulnerable. But you
should audit the code -- I am responding from memory.

I was certainly aware of this "newly discovered" vulnerability when I
wrote the original code for FreeS/WAN.

I did not write the manual keying code and I don't remember if it
would be possible to set up a vulnerable VPN using manual keying. On
the other hand, manual keying is probably never used in an
operational context.

Hugh Redelmeier
hugh at mimosa.com voice: +1 416 482-8253