RE: [Whitehat] about zlib vulnerability
From: Peter Mueller <pmueller () sidestep com>
Date: Thu, 14 Mar 2002 18:47:50 -0800
The vulnerable zlib 1.1.3 code can even be found in the freeswan
1.95 source tree and previous versions, therefore there's a
potential vulnerability at kernel level; besides, at the web site
http://www.freeswan.org the problem is not properly treated.
From the developers @ freeswan:
It is not of great importance to VPN applications, since compressed
packets don't get fed to zlib until they've passed authentication. It's a
little more serious for opportunistic encryption, where the tunnel doesn't
imply trust... but our experimental OE setup currently isn't proposing or
Zlib apparently is not called into play unless the "compress=yes" option is
turned on. This feature could be individual to each tunnel or globally set
for all tunnels. default = no. Additionally in order for zlib to even be
accessed you have to authenticate an IPsec session.
FYI, "opportunistic encryption" means using DNS to accomplish IPsec gateways
without hard-coding ipsec setup information into some configuration file.
It's currently still very experimental and thus not used in any production
Hope that helps,
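
An added example, not part of the original message and not FreeS/WAN's own code: a small audit of an ipsec.conf that reports which tunnels end up with compress=yes, whether set on the tunnel itself or globally through `conn %default`. The sample file and the function name are constructed for illustration, and `also=` includes are not followed.

```python
import re

# Constructed sample ipsec.conf (addresses are documentation ranges).
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute

conn %default
    keyingtries=0
    compress=yes   # set globally for all tunnels

conn branch-office
    left=192.0.2.1
    right=198.51.100.7

conn partner
    left=192.0.2.1
    right=203.0.113.9
    compress=no
"""


def compression_by_conn(text):
    """Return {conn name: True/False} for the effective compress= setting."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Drop comments: '#' at line start or after whitespace.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line opens a section: "config setup" or "conn NAME".
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = sections.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"').lower()
    # Per the message above, compression is off unless configured.
    default = sections.pop("%default", {}).get("compress", "no")
    return {name: params.get("compress", default) == "yes"
            for name, params in sections.items()}


if __name__ == "__main__":
    for name, enabled in compression_by_conn(SAMPLE_CONF).items():
        print(f"{name}: zlib reachable after authentication" if enabled
              else f"{name}: compression off")
```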