Openswan updates for vulnerabilities

NISTCC released this today, which doesn’t really tell you much. They contacted us about 4 months ago to report a vulernability, but wouldn’t tell us anything unless we signed an NDA. We refused - way too many issues with being unable to release/publish (Openswan is open source, so all commits are public) fixes until NISTCC decided it was okay. So we just knew there was a potential Denial of Service, maybe. One of our partners who did sign the NDA confirmed 2 bugs, but since we weren’t allowed to use the testsuite (covered by NISTCC’s NDA) we couldn’t confirm for ourselves, or confirm fixes.

The
PROTOS folks in Finland have now released thier paper, and included the isakmp testsuite so we’ve busy verifying fixes to the codebase. In the meantime, Openswan 2.4.2 is out with fixes for one of the two bugs. The other one requires aggressive mode, so it’s not nearly as widespread. We expect to have that fixed and 2.4.3 out by end of day.

Apparently we aren’t the only ones annoyed with NISTCC on this case - MITRE doesn’t have any CVE entries for this (yet)

Links:

• Open Source Vulernability Database Blog post
• NISTCC ISAKMP Vulnerability Release [PDF]
• MITRE CVE
• SearchSecurity.com Article
• FrSIRT advistory
• eWeek’s Story
• news.com.com’s Story

Comments

• Twitter Feed

  • @ajarvela00 Haven't had time to determine the right audio settings for MP4 encoding to get true 5.1 from the Home Theater in reply to ajarvela00 4 hrs ago
  • AppleTV vs. Sony Receiver - 5.1 Channel - Fight! 6 hrs ago
  • Foraging for food, snailmail, and fresh air. 8 hrs ago
  • More updates...

  Powered by Twitter Tools.

• Google Reader Feed

  • Vietnam Imposes New Blogging Restrictions
     via: Slashdot
  • Last Major Supplier Calls It Quits For VHS
     via: Slashdot
  • Borrowing To Invest Vs. Saving To Invest
     via: John Chow dot Com
  • How the Great Firewall of Britain works
     via: Boing Boing
  • What the heck is an IT Architect anyway?
     via: The Register
  Shared Items

• Flickr Photos

  

• Tags

  43folders blackhat Code Day to Day dns googlereader inbox zero Links linux me Openswan openswan osx OS X parallels Photos Preston productivity Reviews rss security tcpdump Tech Tech Toys ubuntu Wedding Bells

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Recently Written

• ESX & ESXi - Windows XP Guest Install reports no hard disk found
• Google Reader Stats and Thoughts
• Debian VMWare Guest - eth0 broken after cloning
• pppd + precompiled-active-filter
• Who Moved My Brain?
• 4 Features/Changes Google Reader Needs to Move Forward
• Google Reader - 1 year later
• Dan’s DNS Talk from Blackhat
• I’m back
• Ubuntu 8 on Parallels 3 (and some other VM packages)

Monthly Archives

• January 2009
• December 2008
• October 2008
• August 2008
• November 2007
• October 2007
• July 2007
• June 2007
• May 2007
• December 2006
• October 2006
• May 2006
• February 2006
• January 2006
• December 2005
• November 2005
• September 2005
• August 2005
• June 2005
• April 2005
• March 2005
• February 2005
• January 2005
• December 2004
• November 2004
• October 2004

Blogroll

• Development Blog
• Documentation
• Ken’s Photos on Flickr
• Plugins
• Suggest Ideas
• Support Forum
• Themes
• WordPress Planet

Find It

Admin

• Log in
• WordPress
• XHTML

Credits

Powered by Vertigo & WordPress
WordPress Themes by Brian Gardner