Bug 173165
| Summary: | Openswan Denial of Service | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
| Component: | openswan | Assignee: | Harald Hoyer <harald> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=important,public=20051114,reported=20051114,source=frsirt | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-12-12 13:11:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Josh Bressers
2005-11-14 18:58:32 UTC
Please do not use 2.4.2 but go to 2.4.4 directly, as this fixes the second crasher found by the IPsec proto test suite. It is a DOS as well, but it requires using PSK + aggressive mode and knowing the PSK (which is vulnerable to a MITM anyway) I will be folding back your spec changes again sometime this week. See http://lists.openswan.org/pipermail/announce/2005-November/000009.html We did not incorporate your aggressive mode fixes, however various changes to aggressive mode code were made. Please check if that solved your Cisco 3000 issues. If you still need to apply your patches, please let us know so we can properly fix those. thanks. From User-Agent: XML-RPC openswan-2.4.4-1.0.FC4.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report. |