[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] "brain dead" cert. verification kame



On Fri, 18 Jun 2004, Dirk Wetter wrote:

Hi,

Yes SL 9.1 IPsec tools are affected, we are already preparing update
packages.

Sebastian

> 
> Hi,
> 
> seems racoon doesn't check properly for valid x509 certs (BID 10546).
> Are
> Suse 9.1 IPsec tools vulnerable? I haven't looked into the relevant
> portion of code yet, but it looks like it is. Bugtraq recommends an
> upgrade to 0.3.3 .
> 
> 
> Cheers,
>        Dirk Wetter
> 
> 
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> New and Improved Yahoo! Mail - 100MB free storage!
> http://promotions.yahoo.com/new_mail 
> 
> 

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here