
L2TP/IPSec on Mac OSX stop working after openswan upgrade [with patches]



Dear Yves-Alexis Perez and Debian Security Team,

Related bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744717

From the changelog of Debian, I know that you are the maintainer of
openswan in Debian:
openswan (1:2.6.37-3+deb7u1) wheezy-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2013-2053 added, fix pre-authentication buffer overflow in atodn() /
    atoid() (CVE-2013-2053).                                    closes: #709144
    - CVE-2013-6466 added, fix pre-authentication remote denial of service in
    IKEv2 daemon (CVE-2013-6466)                                closes: #737406
 -- Yves-Alexis Perez <corsac@debian.org>  Sun, 23 Mar 2014 16:12:16 +0100

After upgrading openswan in wheezy to 1:2.6.37-3+deb7u1, I found
that I cannot connect to IPsec from Mac OS X and iOS any more. And
there are some guys who encountered the same problem as me:
http://superuser.com/questions/740545/l2tp-ipsec-stopped-working-after-openssl-upgrade
(however, the subject was a misunderstanding).

After checking the patches, I found that it's CVE-2013-6466.patch: it
removes the compatibility code for Mac OS X and iOS, which use a bad
draft. Now I have fixed this and tested on Mac OS X and iOS. However,
I didn't test on other platforms, such as Linux and Windows.

I'm attaching the patch, and if you cannot see it, you can download it
from http://piebridge.me/openswan_osx_nat_d_baddraft.patch

--
Best regards,
Liu DongMiao

