Subject: Re: widespread IKE bugs
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Dries Schellekens <gwyllion@ulyssis.org>
List: tech-security
Date: 11/15/2005 13:37:04
Steven M. Bellovin wrote:
> Per http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951916.html
> the good folks at University of Oulu have found flaws in many different
> implementations of IKE. OpenSWAN is one of the affected code bases.
> Does anyone know if NetBSD or KAME IKE are vulnerable? (The test suite
> can be downloaded from http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
> )
It is being looked at by the ipsec-tools people:
http://sourceforge.net/mailarchive/forum.php?thread_id=8967088&forum_id=32000
OpenBSD has audited their IKE parsing code in early 2004 and thus is not
vulnerable:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2
Cheers,
Dries