[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Fwd: freeswan & zlib security]

Dale Amon <amon@vnl.com> writes:

> I chatted on the phone with Henry Spencer back when the
> zilb bug was first announced and he was of the opinion 
> that in FS it would be almost impossible to exploit. So it's
> probably something that should be fixed but is not a high
> profile issue. Not my call though: I'm not one of the maintainers,
> just a user of the results.

If we are talking about kernel code, a DoS vulnerability is serious
enough, and IIRC it has been demonstrated that the double free() does
happen in practice, and it might crash the kernel (I don't know if
this actually happens, though).

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to: