OpenBSD Journal

Security Fix for isakmpd

Contributed by grey on from the guninski-styled racoon references avoided dept.

As disclosed by Thomas Walpuski isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will. A source code patch exists which remedies this problem.

Here is the patch for 3.5.

Update: here is the patch for 3.4.

(Comments are closed)


Comments
  1. By Brad (216.209.80.7) brad at comstyle dot com on

    The 3.5 patch was fixed to be properly rooted from /usr/src and the 3.4 patch is now up.

  2. By Srebrenko Sehic (213.173.228.2) on

    Thomas Walpuski still claims it's not fixed, according to this posting from 9th of June:

    "Hakan Olsson quickly provided a patch against the specific attack shownin my last posting. A slightly modified attack still succeeds:"

    http://www.securityfocus.com/archive/1/365622/2004-06-08/2004-06-14/0

    Comments
    1. By Brad (216.209.80.7) brad at comstyle dot com on

      The errata patch contains a second diff made after that post.

  3. By Anonymous Coward (208.252.48.163) on

    If someone wanted to add: LINK REL="icon" TYPE="image/png" HREF="favicon.ico" to the head section, it would show up correctly in FireFox's bookmarks.

    Comments
    1. By Anonymous Coward (80.219.125.69) on

      funny, I get the favicon correctly on win2k/firefox 0.8

      Comments
      1. By Anonymous Coward (208.252.48.163) on

        It shows up in the URL bar because it automatically looks for /favicon.ico, however it doesn't show up in the bookmarks like sites that use LINK (in 0.9RC, at least).

        Comments
        1. By Anonymous Coward (80.219.125.69) on

          funny again ;), it shows up correctly in bookmark sidebar on 3.5-r/ffox 0.8 as well as on win2k/ffox 0.8 so I would say that the problem lies with your 0.9RC and not the site per se, probably the bookmark module code is a work in progress. nit-picking over and out.

          Comments
          1. By Anonymous Coward (24.34.57.27) on

            Unless they've decided that the default for the future should be that only sites that use LINK will show the icon in both the URL bar and the bookmark menu. Or it could just be a bug. Have you tried 0.9RC? I'm usually the official Linux build from their site.

            Comments
            1. By Anonymous Coward (80.219.125.69) on

              oooh, linux... ;) actually I did download today's nightly for win, I might try that later, although I am slightly averse to doing so since it seems they only have the installer version which will undoubtly "corrupt" my smoothly running setup. they overhauled a lot of bookmark code 'tween 0.7 and 0.8, so I guess they're still at it.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]