Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon

itojun_at_kame.net
Date: 01/16/04

  • Next message: JeiAr: "phpShop Vulnerabilities"
    To: thomas@thinknerd.org
    Date: Fri, 16 Jan 2004 12:11:49 +0900 (JST)
    
    

    > > 0 Preface
    > >
    > > Now that most bugs in isakmpd that allowed for unauthorized SA
    > > deletion are "fixed", it's time to release some information on racoon.
    > >
    > > By the way: About 5 months ago I tried to contact the KAME developers.
    > sorry that we did not take necessary actions that time. the attached
    > patch should remedy the problem (credit: IIJ SEIL team).
    > kame as well as netbsd repository are updated, and vendors are informed.

            the patch i've attached yesterday had endian problem (does not work on
            little-endian machine). if you are using the code, please pull the
            latest code from KAME anoncvs or ftp://ftp.kame.net/pub/kame/misc.
            sorry about the mess.

    itojun


  • Next message: JeiAr: "phpShop Vulnerabilities"