Rene Mayrhofer wrote: > Hi Joey, > > On Friday 28 January 2005 07:28, Martin Schulze wrote: > > Stack-based buffer overflow in the get_internal_addresses function in > > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x > > before 2.3.0, when compiled XAUTH and PAM enabled, allows remote > > authenticated attackers to execute arbitrary code. > I still think that the bug is present in 2.3.0 too. At least I applied the > patch also to this release - which has the same (flawed) definition of the > src variable.
I'll forward this. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]