Bugtraq mailing list archives

RE: [Whitehat] about zlib vulnerability
From: Peter Mueller <pmueller () sidestep com>
Date: Thu, 14 Mar 2002 18:47:50 -0800

The vulnerable zlib 1.1.3 code can even be found on the freeswan
1.95 source tree and previous versions, therefore there's a
potential vulnerability at kernel level; besides at the web site
http://www.freeswan.org the problem is not properly treated.

From the developers @ freeswan:
<snip>
It is not of great importance to VPN applications, since compressed
packets don't get fed to zlib until they've passed authentication.  It's a
little more serious for opportunistic encryption, where the tunnel doesn't
imply trust... but our experimental OE setup currently isn't proposing or
accepting compression. 
</snip>

Zlib apparently is not called into play unless the "compress=yes" option is
turned on.  This feature could be individual to each tunnel or globally set
for all tunnels.  default = no.  Additionally in order for zlib to even be
accessed you have to authenticate an IPsec session. 

FYI, "opportunistic encryption" means using DNS to accomplish IPsec gateways
without hard-coding ipsec setup information into some configuration file.
It's currently still very experimental and thus not used in any production
environments.

Hope that helps,

Peter
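
An added example, not part of the original message and not FreeS/WAN code: a small audit that reports which tunnels in an `ipsec.conf` actually have `compress=yes` in effect, and so can reach zlib at all. It assumes the usual layout (section headers in column one, indented `key=value` lines, `conn %default` sections placed before the other conns and supplying the global value); `also=` and `include` are not resolved, and the function name and sample file are constructed for illustration.

```python
# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute

conn %default
    keyingtries=0
    compress=no

conn office-to-dc
    left=192.0.2.1
    right=198.51.100.1
    compress=yes   # per-tunnel override

conn roadwarrior
    left=192.0.2.1
    right=%any
"""


def compression_by_conn(text):
    """Return {conn_name: bool}: the effective compress setting per tunnel."""
    default = False          # the message states the default is "no"
    explicit, conns = {}, []
    section = None           # (section_type, section_name) currently open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue         # blank line or comment-only line
        if not raw[0].isspace():          # column-one text opens a section
            parts = line.split()
            section = tuple(parts[:2]) if len(parts) >= 2 else None
            if section and section[0] == "conn" and section[1] != "%default":
                conns.append(section[1])
            continue
        if section is None or section[0] != "conn" or "=" not in line:
            continue         # only conn sections carry compress=
        key, value = (s.strip() for s in line.split("=", 1))
        if key != "compress":
            continue
        enabled = value.strip('"').lower() == "yes"
        if section[1] == "%default":
            default = enabled             # global setting for all tunnels
        else:
            explicit[section[1]] = enabled
    return {name: explicit.get(name, default) for name in conns}


if __name__ == "__main__":
    for name, on in compression_by_conn(SAMPLE_CONF).items():
        print(f"{name}: compress={'yes' if on else 'no'}")
```

Tunnels reported with `compress=yes` are the ones to prioritise when moving off the zlib 1.1.3 code.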

