lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 09 Sep 2008 14:11:25 +0200
From:	Denis Joseph Barrow <D.Barow@...ion.com>
To:	Németh Tamás <nice@...anic.nyme.hu>
CC:	Filip Aben <f.aben@...ion.com>,
	Linux USB kernel mailing list <linux-usb@...r.kernel.org>,
	Linux netdev Mailing list <netdev@...r.kernel.org>
Subject: 2 bugs found in Cisco vpnclient-4.8.02.0030

Hi Tamas,
I've got the vpn client going over ethernet but not yet over the hso device.
I found 2 idiotic substantial bugs in the vpn client one which caused
the crash in linuxcniapi.c as you were seeing
You'll note that in some places the code was looping to <MAX_INTERFACES
& other places to <=MAX_INTERFACES, this was flying over the edge
of the array.
These bugs are not unique to the hso driver they just happened to
manifest there.

Let me know if you still find crashes somehow, post them to me & more importantly
let me know if you get hso going over vpn.

Please find some way to get the bugfixes back to Cisco.

-- 
best regards,
D.J. Barrow

View attachment "vpnclient.patch" of type "text/x-diff" (839 bytes)

Powered by blists - more mailing lists