Contributed by jose on from the oops dept.
Date: Fri, 16 Jan 2004 10:55:56 +0100
From: Hans-Joerg Hoexer <Hans-Joerg.Hoexer@yerbouti.franken.de>
To: security-announce@openbsd.org
Subject: Message handling flaws in isakmpd(8)

Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. Fixes have been committed to 3.3 and 3.4 -stable branches. Patches are also available at
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/009_isakmpd.patch
and
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch
The patch for 3.4 also includes a reliability fix for a file descriptor leak that causes problems when a crypto card is installed. This problem does not exist in 3.3.
By gwyllion () on
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch
By Juanjo () on
Get the patch and check the code you're using at CVS (your branch... OPENBSD3_3_BASE or OPENBSD3_3 (stable) or whatever). The file is src/sbin/isakmpd/crypto.c. You'll see that file has been unchanged for 19 months and 1 week for both BASE and STABLE, so I bet you need to compare both files because maybe it isn't fixed yet.
You'll find the problem that patch fixed isn't there for 3.3. In fact it seems they go back to 3.3 code :?
So nothing to do at this time :)
(Disclaimer: this comment comes with no warranty XD maybe I'm wrong heh)
By Anonymous Coward () on
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/014_isakmpd.patch