elmore
December 14th, 2004, 13:08
Markus Friedl reported this on misc@ today:

"On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket. Stopping isakmpd(8) does not prevent the memory corruption.

This has been fixed in OpenBSD-current, and the OpenBSD 3.6, 3.5, and 3.4 -stable branches. Patches are also available for OpenBSD 3.6, 3.5 and 3.4:

ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/035_pfkey.patch

Thanks to Stefan Miltchev for reporting the problem.

-markus"