<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: multiple payload handling flaws in isakmpd, again

Re: multiple payload handling flaws in isakmpd, again

From: Thomas Walpuski <thomas_at_thinknerd.de>
Date: Thu, 1 Jan 2004 21:20:18 +0100

There is one important thing I forgot to mention. In isakmpd deleting an
IPsec SA also means deleting the appropriate IPsec policy in almost any
case. Take a look at pf_key_v2_delete_spi() in pf_key_v2.c. It calls
pf_key_v2_disable_sa(), the policy eraser ;-), if the SA was not
acquired through the kernel:

  if (!(sa->flags & SA_FLAG_REPLACED)
      && !(sa->flags & SA_FLAG_ONDEMAND))
    pf_key_v2_disable_sa (sa, incoming);

Now imagine an IPsec tunnel between two security gateways running
isakmpd. Both gateways are attacked, IPsec SAs and policies get removed,
...

Thomas Walpuski
Received on Jan 01 2004

This message: [ Message body ]
Next message: Matt Zimmerman: "Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity"
Previous message: the grugq: "Announcing Userland Exec"
In reply to: Thomas Walpuski: "multiple payload handling flaws in isakmpd, again"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos