[Openswan dev] Re: openswan potential DoS in sarge
Martin Schulze
joey at infodrom.org
Wed Apr 26 12:16:47 CEST 2006
Paul Wouters wrote:
> > seem to suggest this. So it seems to be secure in the sense that only
> > authorized users can crash it. However, this is typically also seen as a DoS
> > (comparable to local privilege escalation bugs).
>
> Yes. This one, and the ones frim the IPsec Proto testsuite (that caused us to
> release openswan 2.4.3 and 2.4.4) can only crash pluto in phase2, so some form
> of authentiction has already taken place.
>
> > > Do I understand it correctly, that the crash can't be reproduced with road-
> > > warriors from stable?
> > Correct. pluto from testing/unstable triggers it reproducably, but, pluto from
> > stable does not.
>
> What version is of openswan is in debian stable?
Debian stable was released last summer, so the version of openswan in this
distribution is 2.2.0 still.
Regards,
Joey
--
Experience is something you don't get until just after you need it.
Please always Cc to me when replying to me on the lists.
More information about the Dev
mailing list