From: VANHULLEBUS Y. <va...@fr...> - 2005-11-17 16:03:52
|
Hi all. The recent IKE testsuite provided by [1] allowed us to find at least 2 DoS in racoon (reported by Adrian Portelli from NetBSD team). The existing DoS needs aggressive mode and at least some parts of a valid configuration to be used, and leads to a racoon crash (NULL pointer access, this can NOT be exploited to execute code !). I already have a fix for one of the crashes (2 test cases leads to this crash), and I am currently looking for a patch for the other one. Those patches will be commited to the CVS quite soon (hope ina few days max), at least in HEAD and Branch 0.6 (so a 0.6.3 is also expected soon !). People who will need some informations before public release (various distributions, vendors, etc...) are advised to contact *quickly* ips...@li... (please start from a reply to this mail, this will be easier for us to track replies) to have the needed informations and to synchronize everybody. Other people ("normal" users) are advised to avoid using aggressive mode if possible (but that is a permanent advice, at least for PSK !) and to regulary check for the public fix ! [1] http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com |