[Secure-testing-commits] r733 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sun, 03 Apr 2005 20:53:15 +0000
Author: jmm-guest
Date: 2005-04-03 20:53:12 +0000 (Sun, 03 Apr 2005)
New Revision: 733
Modified:
sarge-checks/CAN/list
Log:
This is nothing that can be fixed, it's a report about a principal cryptographic
problem in IKE. In fact it's not the only one and this specific problem is known
since ca. 2000. There's an interesting paper by Radia Perlman about flaws in
IKE that describes the full details.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-03 16:07:58 UTC (rev 732)
+++ sarge-checks/CAN/list 2005-04-03 20:53:12 UTC (rev 733)
@@ -234,7 +234,7 @@
CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
NOTE: not-for-us (Lotus Domino
CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
- TODO: check implementatons (isakmpd, etc)
+ NOTE: not-for-us (Principal protocol flaw)
CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
NOTE: not-for-us (AIX)
CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)