[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Nufw-users] NuFW 2.0.4 and 1.0.27, minor security fix
|
From: |
Eric Leblond |
|
Subject: |
[Nufw-users] NuFW 2.0.4 and 1.0.27, minor security fix |
|
Date: |
Tue, 04 Jul 2006 16:31:31 +0200 |
Hello,
NuFW 2.0.4, "astonished porcupine", has been released to fix a potential
security problem on the authentication server (nuauth).
INL’s internal study has shown that an authenticated user could be able
to bring nuauth down by sending a particularly well crafted packet with
a hacked NuFW client. This bug is not known to be exploitable for
something else than crashing the server.
NuFW core team recommends all users to upgrade their nuauth
installation.
This bug also apply to branch 1.0 of NuFW and NuFW 1.0.27 has been
released to fix this issue.
Full changelog for 2.0.4 is as follow:
- fix denial of service from authenticated users
- cleanly exit from nuauth when launched twice
- accept IPv4 packet with no payload
Happy users filtering to all,
--
Eric Leblond <address@hidden>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Nufw-users] NuFW 2.0.4 and 1.0.27, minor security fix,
Eric Leblond <=