Re: PoPToP Vulnerability Question

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Eduardo Tongson <propolice@...>

To: Richard P. Koett <lists@...>

Cc: <misc@...>

Subject: Re: PoPToP Vulnerability Question

Date: Tuesday, January 29, 2008 - 2:16 am

Did you look at ports if it has patch applied for the vulnerability?
The administrator of that OpenBSD machine should already be aware the
installed software. It is not an automagical secure system after all.

On Jan 29, 2008 12:05 PM, Richard P. Koett wrote:

quoted text

> Dear Misc:
>
> I've been asked to look into an issue on a i386 system running OpenBSD 3.7. I
> realize this is rather out-of-date, so feel free to ignore this question if
> it's inappropriate...
>
> The machine is running poptop-1.1.4.b4p1. Someone did an audit and declared
> "PoPToP servers prior to version 1.1.4-bs are vulnerable to a buffer
> overflow". I notice that even the current version of OpenBSD has a package for
> poptop-1.1.4.b4p1, so I find it hard to believe that this version contains a
> known buffer overflow. My question is - what information can I provide the
> auditor to assure them of this?
>
> Thanks in advance for any comments. For what it's worth I am aware of
> alternatives to PoPToP such as OpenVPN.
>
> RPK.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 12:05 am)

Re: PoPToP Vulnerability Question, Stuart Henderson, (Tue Jan 29, 5:39 am)

Re: PoPToP Vulnerability Question, Joel Sing, (Tue Jan 29, 8:00 am)

Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 1:20 pm)

Re: PoPToP Vulnerability Question, Stuart Henderson, (Tue Jan 29, 1:51 pm)

Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 2:32 pm)

Re: PoPToP Vulnerability Question, Eduardo Tongson, (Tue Jan 29, 2:16 am)

Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 3:04 am)

Re: PoPToP Vulnerability Question, Axton, (Tue Jan 29, 12:59 am)

Re: PoPToP Vulnerability Question, Richard P. Koett, (Tue Jan 29, 2:28 am)

Navigation

Popular discussions


linux-kernel:
Ian Campbell	Re: [PATCH] x86: Construct 32 bit boot time page tables in native format.
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Justin Piszcz	Linux Software RAID 5 Performance Optimizations: 2.6.19.1: (211MB/s read & 195...
Alan	Re: [RFC] Heads up on sys_fallocate()
netbsd-tech-kern:
Matthias Scheler	Re: HEADS UP: timecounters (branch simonb-timecounters) merged into -current
David Laight	long usernames
Quentin Garnier	Re: Understanding foo_open, foo_read, etc.
Jared D. McNeill	Breaking binary compatibility for /dev/joy
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
David Miller	[GIT]: Networking
Natalie Protasevich	[BUG] New Kernel Bugs

Colocation donated by:

Online users

strcmp

Syndicate