[Ipsec-tools-devel] Commits next days, potential DoS, NATT, etc....
From: VANHULLEBUS Y. <va...@fr...> - 2005-01-23 15:07:18
Hi all.

Commits in the next days may be a little bit strange, due to various things:

First, I planned to finish a "clean" NAT-T support (RFC by default, then all drafts available if enabled by configure) for the release of the 0.5 version, so I started my work on this branch (and it was also more simple, as heavy developments started on devel. branch). I thought I could report those modifications to the devel. branch just before committing, and after heavy tests, but some various things changed my plans, so I'll probably have to commit that for 0.5 branch, then start to port it to devel. branch, and commit on that branch only a few days later.

The other topic in progress is the potential DoS which has been reported by Sebastian Krahmer from Suse. It looks like this DoS may *NOT* be exploited with recent libc versions, but there *IS* a bug, which has to be fixed soon, and which may allow at least a DoS under some undefined conditions. We already have a fix for a part of that bug, and I'll try to have a complete fix done within the next few days. This fix will be sent to vendors who contacted us, to allow them to release a new binary version, then will be committed to the CVS tree (at least devel, 0.5, 0.4 and 0.3 branches).

Once again, I do NOT have a proof of concept which generates a DoS today, and the first tests show that it may only generate a warning in log files, but I still strongly suggest everybody to upgrade its version ASAP.

Yvan.