lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20040116031149.0DA4AAA@coconut.itojun.org>
Date: Fri, 16 Jan 2004 12:11:49 +0900 (JST)
From: itojun@...e.net
To: thomas@...nknerd.org
Cc: bugtraq@...urityfocus.com
Subject: Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon


> > 0 Preface
> > 
> >   Now that most bugs in isakmpd that allowed for unauthorized SA
> >   deletion are "fixed", it's time to release some information on racoon.
> > 
> >   By the way: About 5 months ago I tried to contact the KAME developers.
> 	sorry that we did not take necessary actions that time.  the attached
> 	patch should remedy the problem (credit: IIJ SEIL team).
> 	kame as well as netbsd repository are updated, and vendors are informed.

	the patch i've attached yesterday had endian problem (does not work on
	little-endian machine).  if you are using the code, please pull the
	latest code from KAME anoncvs or ftp://ftp.kame.net/pub/kame/misc.
	sorry about the mess.

itojun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ