On 14-Mar-2002 Henry Spencer wrote:
> On Wed, 13 Mar 2002, Andreas Pretzsch wrote:
>> The zlib malloc error (DSA 122-1) seems to be present in freeswan 1.95.
>> At least the patch for zlib applies cleanly to freeswan.
>> Therefore I marked this report as critical.
>
> The FreeS/WAN project classes this bug as non-critical, because an IPsec
> packet must pass authentication (and be successfully decrypted) before our
> copy of zlib is asked to decompress it, even if the configuration permits
> compression (which the default ones do not). This greatly limits real
> exposure as a result of this bug.
Well, this is true for script-kiddies scanning the net.
But a selective attack from a roadwarrior could give him root.
I'm not aware of the exact implications of the bug, nor of any
exploits, but it's still a risk.
> Our next release (1.97, expected at the beginning of April) will
> incorporate the fix.
I'd suggest releasing a patch or at least putting a note on the site.
If only for the PR, "we are aware of it, it's not critical, but as
freeswan sits on a gateway, here's the patch".
--Bye, Andreas Pretzsch email: andypre_at_gmx.de
PGP fingerprint = 5C 98 05 A1 15 0A E5 72 4D 49 CA 2A EC CA 14 07