[ previous ] [ next ] [ threads ]
 
 From:  DLStrout <dstrout at maine dot rr dot com>
 To:  m0n0wall at lists dot m0n0 dot ch, m0n0wall dash announce at lists dot m0n0 dot ch
 Subject:  question/Info on racoon
 Date:  Fri, 11 Mar 2005 15:48:46 -0500
All,

Are there any known bugs/hacks/vulnerabilities with the 20040818a 
version of racoon that is in the 1.2b6 release?

SYSLOG MESSAGE:
racoon: INFO: main.c:172:main(): @(#)package version freebsd-20040818a

My concern is that I have found that there is a vulnerability w/ the 
20040116a version of racoon as stated here .....
http://people.freebsd.org/~eik/portaudit/739bb51d-7e82-11d8-9645-0020ed76ef5a.html

I'll be doing my own penatration/vulnerability/load testing on the 1.2b6 
IPsec VPN this weekend .. but just wanted to post the question to all 
... as I can not find any known racoon ver. 20040818a B/H/V's posted 
anywhere.

I have several clients with sensative data flowing over IPsec BOVPN's 
and am considering an upgrade to production m0n0's for supported clients 
for this reason alone.  (I know we shouldn't run beta in production ... 
but ????)