Subject: upgrade suggested for pkgsrc/security/racoon
To: None <tech-security@netbsd.org, tech-net@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-net
Date: 09/24/2000 06:31:32
if you are using pkgsrc/security/racoon, it is recommended to
upgrade to racoon-20000923a or more recent. previous binaries
have administration tcp port open without authentication. (the port
is bound to 127.0.0.1, so no remote access), because of this, your
IPsec SAs may become visible unwillingly to nonprivileged local users.
(hmm, should I pkgsrc/distfiles/vulnerabilities?)
itojun