[VIM] How CVE is handling the ISAKMP mess
Steven M. Christey
coley at linus.mitre.org
Fri Nov 18 15:52:53 EST 2005

The "status" fields in the CERT VU list a few vulnerable implementations
with pointers to advisories. That's more information than in the original
NISCC advisory.
- Steve

On Fri, 18 Nov 2005, security curmudgeon wrote:
>
> : FYI. For the ISAKMP PROTOS mess, I've decided to create 3 generic CANs
> : - one for "denial of service," one for format strings, and one for
> : buffer overflows - then create specific CANs for specific
> : implementations when available. One problem with this is that most
> : vendors probably won't provide enough details to know which type of
> : issue they're vulnerable to. Cisco just said "denial of service" but
> : one wonders if they're vulnerable to buffer overflows and are assuming
> : that their newfangled overflow protection is just a DoS, but I digress.
>
> OSVDB did close.. one generic entry for Denial of Service, one for
> 'Unspecified' which will cover BO/FS stuff, as we get details. From there
> we'll split it out by vendor or protocol issue.
>
>