On Thu, 14 Mar 2002, Andreas Pretzsch wrote:
> > This greatly limits real
> > exposure as a result of this bug.
>
> Well, this is true for script-kiddies scanning the net.
> But a selective attack from a roadwarrior could give him root.

This actually seems rather unlikely, given the complex nature of the bug.
(I'd believe being able to crash the system, but an exploit to get root
would be -- at the very least -- very difficult to devise.)

Note that I didn't say "eliminates real exposure". It's certainly an
undesirable flaw. But there is a quick workaround (disable compression,
if you have it enabled), a patch has been published in our mailing lists,
and the next release will incorporate it. My tentative decision is that
this doesn't justify an emergency bug-fix release.

> I'd suggest to release a patch or at least state a note on the site.

We'd very much like to be able to update our web site in a sufficiently
timely fashion to do that... (Our web-site updates are glacially slow
because of a combination of internal politics and infrastructure problems,
getting solved but very slowly. You can't possibly be as unhappy about
this as most of us are...)

Henry Spencer
henry_at_spsystems.net
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST