[strongSwan] CVE-2015-4171
yordanos beyene
yordanosb at gmail.com
Thu Jun 18 04:30:00 CEST 2015
Thank you Noel for confirming Windows native VPN client when used with
strongswan as server is not impacted by the CVE.
Yordanos.
On Wed, Jun 17, 2015 at 4:22 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Yordanos,
>
> As the native Windows 7 Agile VPN client are different products by
> different
> companies and it shares no code with strongSwan, that software is not
> impacted by the referenced CVE. The CVE only applies to strongswan
> when used as initiator of an IKEv2 connection that uses EAP or PSK to
> authenticate itself
> against a remote peer.
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 18.06.2015 um 00:48 schrieb yordanos beyene:
> > Hello Noel,
> >
> > Yes, I mean the native Windos7 Agile VPN client.
> >
> > Yordanos.
> >
> > On Wed, Jun 17, 2015 at 3:36 PM, Noel Kuntze <noel at familie-kuntze.de
> <mailto:noel at familie-kuntze.de>> wrote:
> >
> >
> > Hello Yordanos,
> >
> > Do you refer to the native VPN client in Windows 7?
> >
> > Mit freundlichen Grüßen/Kind Regards,
> > Noel Kuntze
> >
> > GPG Key ID: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> > Am 18.06.2015 um 00:35 schrieb yordanos beyene:
> >
> > > Hello Strongswan team,
> >
> > > I appreciate if any one can confirm if strongSwan Vulnerability
> (CVE-2015-4171) that causes user credentials leak impacts Windows7 VPN
> clients.
> >
> > > Regards,
> > > Yordanos.
> >
> >
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> > > https://lists.strongswan.org/mailman/listinfo/users
> >
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVggElAAoJEDg5KY9j7GZYx40P/iqW9RiY4YPdLcBor5AWovzP
> i/If74q8BWy73p3exQMJ95UDjScY7KCFYW5acnQGeeoSY+X59DfM4JbhKwTESpOC
> 39Q61JfIReBVXTYNeGN23fxnVfnaXLZ3189jLqyA4V7+Mb2p864w9KV6DNAlrfZs
> c+vJ69BrIVpPk/cwqauuliT2LG1S2Kg2VBi3uCI0EZ4A9UFIUJhOsTNzTi6Sb6IF
> L3wHi+PVzlIXB1VHoQHp9v07O8jw31PLutOhMCFe0nbqH4F2wkaJFMj9j5zmGjdR
> 8hTc92lUCaUGliQdevZGmJdD5pO5FzTlr4kznKAWgn06SmbgtHZyQZAFqkokMxJa
> h2TfyoG0Oyck+O2HCUPscfVNPeRDU0drafCj5WEcoCTNStAxjqnL0tadl70r/iCb
> FCkh34mlDp2z2qH/rD/BdP78ZjdWSf0KKzWeZKw1yev+WAqr5AIyMWblF5OTXFY1
> i+fJYIstIqX++H5c8sdkxHvm9FFZprRp7nDsyslk0klJRP5Iqs9/vNI/pNpMSf6i
> 8eEyBfV4ehUHbCqWwIytqKbIjDAXVnuaxLpKQPL1ONF8/1iRHH2mqAlIp1HaCTe5
> IxMXl5FYu+yg4ZeeKsD082rdGJ8CAZOGE5YMxhgdYjctIzhPaxWLUvimWG6/SW4c
> akP9e5fJeQKdf207gh+F
> =5bZf
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150617/46def145/attachment.html>
More information about the Users
mailing list