Subject: Re: widespread IKE bugs
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Dries Schellekens <gwyllion@ulyssis.org>
List: tech-security
Date: 11/15/2005 13:37:04
Steven M. Bellovin wrote:

> Per http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951916.html
> the good folks at University of Oulu have found flaws in many different 
> implementations of IKE.  OpenSWAN is one of the affected code bases.  
> Does anyone know if NetBSD or KAME IKE are vulnerable?  (The test suite 
> can be downloaded from http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
>  )

It is being looked at by the ipsec-tools people:
http://sourceforge.net/mailarchive/forum.php?thread_id=8967088&forum_id=32000

OpenBSD audited their IKE parsing code in early 2004 and thus is not 
vulnerable:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2


Cheers,

Dries