| ▲ | eqvinox 3 hours ago | |||||||
No, unless I'm misreading it it's the *same* root cause: high 32 bits of Extended ESN in IPsec == authencesn module/cipher mode. The wrong thing got fixed for copy.fail, because people jumped to blame AF_ALG. [ed.: yes it's the same authencesn issue. https://github.com/V4bel/dirtyfrag/blob/892d9a31d391b7f0fccb... it doesn't say authencesn in the code, only in a comment, but nonetheless, same issue.] [ed.2: the RxRPC issue is separate, this is about the ESP one] | ||||||||
| ▲ | firer 2 hours ago | parent [-] | |||||||
There are two vulnerabilities here. The RxRPC one is definitely a different root cause (although caused by a very similar mistake). For the ESP one it's a bit harder to tell. I don't think the wrong thing was fixed, just that there was a very similar bug in almost the same spot. Could be wrong about that though. | ||||||||
| ||||||||