[Openswan dev] [1.0.9][PATCH] IKE info leakage
Ken Bantoft
ken at xelerance.com
Wed Aug 3 18:05:14 CEST 2005
Commited... thanks.
I'm going to release 1.0.10 final this week.
On Thu, 14 Jul 2005, Vinay K Nallamothu wrote:
> Hi,
>
> Pluto responds to malformed payloads without verifying whether the
> initiator matches any of the security policies. This may be used for
> probing the IKE/IPsec implementation. The patch below fixes this.
>
> Arun Kumar at GSEC1 has discovered the problem.
>
> The patch also rate limits PAYLOAD_MALFORMED notifications (adopted from
> openswan-2.X).
>
> ipsec_doi.c | 31 ++++++++++++++++++++++++++++++-
> 1 files changed, 30 insertions(+), 1 deletion(-)
>
More information about the Dev
mailing list