[Openswan Users] Openswan's userland tools vs. IPsec-Tools ?
Paul Wouters
paul at xelerance.com
Thu Oct 28 22:52:28 CEST 2004
On Thu, 28 Oct 2004, Jacco de Leeuw wrote:
> I don't mean to troll, but are you saying that KAME/ipsec-tools have NOT been
> written with security in mind?

Not as pedantic as the freeswan people. People from the old freeswan team had
been part of the ANSI C committee :) (you gotta love the passert()'s :)

Seriously, if you check out the CVE entries for Racoon, it doesn't make you
happy. Really huge bugs have been found by Ralf Spenneberg that have been in
there for years.

freeswan/openswan has only had security issues with the X.509 code (ca-cert
signature path verification and ASN.1 parser problems) and one netlink
issue (which was really a kernel bug, but exploitable through the netlink
interface).

Paul