Re: [Fwd: freeswan & zlib security]
Dale Amon <email@example.com> writes:
> I chatted on the phone with Henry Spencer back when the
> zilb bug was first announced and he was of the opinion
> that in FS it would be almost impossible to exploit. So it's
> probably something that should be fixed but is not a high
> profile issue. Not my call though: I'm not one of the maintainers,
> just a user of the results.
If we are talking about kernel code, a DoS vulnerability is serious
enough, and IIRC it has been demonstrated that the double free() does
happen in practice, and it might crash the kernel (I don't know if
this actually happens, though).
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898