4 Jul 2004, 16:30
Hi!

On Fri, 2 Jul 2004, Roman Drahtmueller wrote:

> 2) Pending vulnerabilities in SUSE Distributions and Workarounds:
> ...
> - freeswan
>   A bug in the certificate chain authentication code could allow an attacker to authenticate any host against a FreeS/WAN server by presenting specially crafted certificates wrapped in a PKCS#7 file. The packages are currently being tested and will be available soon.

This sounds scary; but does this apply only to installations that use x509 certificates, i.e. if there are conns with left/rightrsasigkey=%cert? Or is it enough to have the x509 stuff compiled in, even if it isn't actively used?

Martin