For FC5test1

+++ This bug was initially created as a clone of Bug #173165 +++

Openswan Denial of Service

NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The second is not entirely understood at this time.

The Openswan project has released version 2.4.2 to fix the 3DES issue.

http://www.frsirt.com/english/advisories/2005/2407
http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html

This issue also affects FC3

-- Additional comment from paul on 2005-11-21 11:09 EST --

Please do not use 2.4.2 but go to 2.4.4 directly, as this fixes the second crasher found by the IPsec proto test suite. It is a DOS as well, but it requires using PSK + aggressive mode and knowing the PSK (which is vulnerable to a MITM anyway).

I will be folding back your spec changes again sometime this week.

See http://lists.openswan.org/pipermail/announce/2005-November/000009.html

We did not incorporate your aggressive mode fixes, however various changes to aggressive mode code were made. Please check if that solved your Cisco 3000 issues. If you still need to apply your patches, please let us know so we can properly fix those.

Thanks.

-- Additional comment from updates.com on 2005-11-21 12:33 EST --

From User-Agent: XML-RPC

openswan-2.4.4-1.0.FC4.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.