PoPToP Vulnerability Question

To: <misc@...>
Date: Tuesday, January 29, 2008 - 12:05 am

Dear Misc:

I've been asked to look into an issue on an i386 system running OpenBSD 3.7. I
realize this is rather out-of-date, so feel free to ignore this question if
it's inappropriate...

The machine is running poptop-1.1.4.b4p1. Someone did an audit and declared
"PoPToP servers prior to version 1.1.4-bs are vulnerable to a buffer
overflow". I notice that even the current version of OpenBSD has a package for
poptop-1.1.4.b4p1, so I find it hard to believe that this version contains a
known buffer overflow. My question is - what information can I provide the
auditor to assure them of this?

Thanks in advance for any comments. For what it's worth I am aware of
alternatives to PoPToP such as OpenVPN.

RPK.

Messages in current thread:
PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 12:05 am)
Re: PoPToP Vulnerability Question, Stuart Henderson, (Tue Jan 29, 5:39 am)
Re: PoPToP Vulnerability Question, Joel Sing, (Tue Jan 29, 8:00 am)
Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 1:20 pm)
Re: PoPToP Vulnerability Question, Stuart Henderson, (Tue Jan 29, 1:51 pm)
Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 2:32 pm)
Re: PoPToP Vulnerability Question, Eduardo Tongson, (Tue Jan 29, 2:16 am)
Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 3:04 am)
Re: PoPToP Vulnerability Question, Axton, (Tue Jan 29, 12:59 am)
Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 2:28 am)