Flaw:NetBSD IPSec implementation

According to an alert from NetBSD, the KAME-based IPSec implementation included in NetBSD was missing some packet length checks, and could be tricked into passing negative value as buffer length.

By transmitting a specially formed (very short) ESP packet, a malicious sender can cause a cause kernel panic on the victim node.

For more, click here.

Join the newsletter!

Error: Please check your email address.
Show Comments