[Announce] Openswan response to NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
paul at xelerance.com
Mon Nov 14 08:30:10 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Vendor response of the Openswan project to the following advisory:
NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
CVE number: Unknown. Not requested or disclosed by reporter
Since we did not have prior knowledge of this vulnerability, and have
been given access to the test kit, so far we have only been able to
partially analyse our IPsec implementation.
Versions of openswan-1 are (apparently) not vulnerable to this attack.
Versions of openswan-2 are (apparently) vulnerable to a Denial Of Service
attack in two known cases. One involves a crafted packet using 3DES
with an invalid key length. One other is still unknown to us because no
more information was provided. These two cases cannot be used to obtain
elevated priviledges, since it is not possible to use these bugs to
execute arbitrary code. These attacks are caught within our "assertion
fail" verification code.
Today we have released openswan-2.4.2. This release fixes the 3DES related
Denial Of Service attack.
We *STRONGLY* encourage CERT-FI and/or NISCC to give us access to the
test kit if they are concerned about the second vulnerability and the
impact of this advisory on the wide install base of Openswan-2 if those
systems are left vulnerable to a DOS attack.
Openswan is the defacto IPsec software used on many Linux distributions,
such as RedHat Linux, Fedora Linux, Debian, SuSe / Novell, Mandrake and
many systems including embedded devices.
For further information, please see:
Contact us at: security at xelerance.com
The Openswan team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the Announce