tech-security: Re: widespread IKE bugs

Subject: Re: widespread IKE bugs
To: None <tls@rek.tjls.com>
From: Dries Schellekens <gwyllion@ulyssis.org>
List: tech-security
Date: 11/15/2005 15:15:15

Thor Lancelot Simon wrote:

> On Tue, Nov 15, 2005 at 01:37:04PM +0100, Dries Schellekens wrote:
> 
>>OpenBSD has audited their IKE parsing code early 2004 and thus is not 
>>vunerable:
>>http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2 
> 
> Is this merely their claim, or do they pass the test suite?

Sigh. The answer is in the URL above ;(

"I just tested our isakmpd(8) implementation against the PROTOS
test suite.  No problems were detected.
...
I also ran the PROTOS suite against tcpdump -vvv and saw no
problems." (dixit Chad Loder)

Cheers,

Dries