Re: [Ipsec-tools-devel] [Ipsec-tools-users] Denial of Service found in 0.6.6 !

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Wed, Apr 04, 2007 at 11:17:00PM -0400, Simon Chang wrote:
> Yvan,
> 
> Do you have details of this DOS, or should we just wait for the
> release notes in 0.6.7?

All details aare already known by ipsec-tools team (well, at least
Manu and me), and by vendors who read a specific vendors security list
(afaik, at least quite all Linux distributors, and some *BSD guys).

Details won't be published before the patch (which is ready to be
commited since a few days): this is "only" a denial of service, but it
is quite simple to exploit.

Commit and release will be done today, details will come a bit later.

Yvan.