OpenBSD Journal

A Reliability Fix for isakmpd

Contributed by Dengue on from the patch-p0 dept.

Patch 010 for OpenBSD 3.1 has been released. To quote errata.html:
Receiving IKE payloads out of sequence can cause isakmpd(8) to crash.
The answer to your next question can be found in the FAQ.

Also available as Patch 027 for OpenBSD 3.0.



Comments
  1. By captain^k () on

    --15:27:11-- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/010_isakmpd.patch
    => `010_isakmpd.patch'
    Connecting to ftp.openbsd.org:21... connected!
    Logging in as anonymous ... Logged in!
    ==> SYST ... done. ==> PWD ... done.
    ==> TYPE I ... done. ==> CWD /pub/OpenBSD/patches/3.1/common ... done.
    ==> EPRT ...
    Invalid EPRT.
    ==> PORT ... done. ==> RETR 010_isakmpd.patch ...
    No such file `010_isakmpd.patch'.

  2. By zenz.hu () zenz.hu@163.com on mailto:zenz.hu@163.com

    I can't find the patch in the ftp server.

    Comments
    1. By Anonymous Coward () on

      The patch is nowhere to be found.
      7/6/02 7:10 EST

  3. By jose nazario () on http://www.monkey.org/~jose/

    hi guys

    i think i found a major chunk of the patch for 3.1 (the patch is still awol, i'm asking around why it is). if you look at the changes for src/sbin/isakmpd/message.c you'll see the message "Receiving IKE payloads out of sequence can cause isakmpd to crash.". the diff (for 3.0) is here:

    http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/message.c.diff?r1=1.45.2.1&r2=1.45.2.2

    we'll update once the patch is visible ... in the meantime, dig around in the source and cvs up if you have to, it appears this hasn't even been tagged for 3.1-stable or HEAD.

  4. By Anonymous Coward () on

    Does this mean they'll have to take the "no remote holes in five years" down off the website?????

    Comments
    1. By Anonymous Coward () on

      a) they already did when they fixed sshd recently.
      b) isakmpd doesn't run by default
      c) there is no mention of exploitability (but that doesn't mean it's just a reliability fix)

      Comments
      1. By Anonymous Coward () on

        This was intended as sarcasm, btw. :)

    2. By Anonymous Coward () on

      The rock must be a hell of a big one...

  5. By Rinsoblue () on

    The patch file is there now.

    Rin
