From: VANHULLEBUS Y. <va...@fr...> - 2007-04-06 07:39:07
|
On Wed, Apr 04, 2007 at 11:17:00PM -0400, Simon Chang wrote: > Yvan, > > Do you have details of this DOS, or should we just wait for the > release notes in 0.6.7? All details aare already known by ipsec-tools team (well, at least Manu and me), and by vendors who read a specific vendors security list (afaik, at least quite all Linux distributors, and some *BSD guys). Details won't be published before the patch (which is ready to be commited since a few days): this is "only" a denial of service, but it is quite simple to exploit. Commit and release will be done today, details will come a bit later. Yvan. |