Rene Mayrhofer wrote:
> Hi Joey,
>
> On Friday 28 January 2005 07:28, Martin Schulze wrote:
> > Stack-based buffer overflow in the get_internal_addresses function in
> > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x
> > before 2.3.0, when compiled XAUTH and PAM enabled, allows remote
> > authenticated attackers to execute arbitrary code.
> I still think that the bug is present in 2.3.0 too. At least I applied the
> patch also to this release - which has the same (flawed) definition of the
> src variable.
I'll forward this.
Regards,
Joey
--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
