Subject: Re: widespread IKE bugs
To: Dries Schellekens <gwyllion@ulyssis.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 11/15/2005 10:06:34

On Tue, Nov 15, 2005 at 03:15:15PM +0100, Dries Schellekens wrote:
> Thor Lancelot Simon wrote:
> 
> >On Tue, Nov 15, 2005 at 01:37:04PM +0100, Dries Schellekens wrote:
> >
> >>OpenBSD has audited their IKE parsing code early 2004 and thus is not 
> >>vulnerable:
> >>http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2 
> >
> >Is this merely their claim, or do they pass the test suite?
> 
> Sigh. The answer is in the URL above ;(

I suppose I should have looked first.  It was your "thus" that threw me,
since they have a history of _causing_ bugs by "auditing", not just
fixing them, so it wouldn't seem to me to follow logically that if they
audited X, then X doesn't have bug Y... :-/

Thor