Re: [Fwd: freeswan & zlib security]
On Tue, Sep 17, 2002 at 06:10:32PM +0200, Florian Weimer wrote:
> Dale Amon <email@example.com> writes:
> > I chatted on the phone with Henry Spencer back when the
> > zilb bug was first announced and he was of the opinion
> > that in FS it would be almost impossible to exploit. So it's
> > probably something that should be fixed but is not a high
> > profile issue. Not my call though: I'm not one of the maintainers,
> > just a user of the results.
> If we are talking about kernel code, a DoS vulnerability is serious
> enough, and IIRC it has been demonstrated that the double free() does
> happen in practice, and it might crash the kernel (I don't know if
> this actually happens, though).
The impression I had was it would be extremely difficult in the best
case to trigger it, and that typical configurations are such that
it is avoided entirely. I'd have to really dig to get the details:
that was many months ago.