On Jan 28, 2008 11:05 PM, Richard P. Koett <[EMAIL PROTECTED]> wrote:
> Dear Misc:
>
> I've been asked to look into an issue on an i386 system running OpenBSD 3.7. I
> realize this is rather out-of-date, so feel free to ignore this question if
> it's inappropriate...
>
> The machine is running poptop-1.1.4.b4p1. Someone did an audit and declared
> "PoPToP servers prior to version 1.1.4-bs are vulnerable to a buffer
> overflow". I notice that even the current version of OpenBSD has a package for
> poptop-1.1.4.b4p1, so I find it hard to believe that this version contains a
> known buffer overflow. My question is - what information can I provide the
> auditor to assure them of this?
>
> Thanks in advance for any comments. For what it's worth I am aware of
> alternatives to PoPToP such as OpenVPN.
>
> RPK.

http://www.openbsd.org/faq/faq15.html#Intro See the third paragraph in this section.