Dear Misc:

I've been asked to look into an issue on an i386 system running OpenBSD 3.7. I realize this is rather out-of-date, so feel free to ignore this question if it's inappropriate...

The machine is running poptop-1.1.4.b4p1. Someone did an audit and declared "PoPToP servers prior to version 1.1.4-bs are vulnerable to a buffer overflow". I notice that even the current version of OpenBSD has a package for poptop-1.1.4.b4p1, so I find it hard to believe that this version contains a known buffer overflow.

My question is - what information can I provide the auditor to assure them of this?

Thanks in advance for any comments. For what it's worth I am aware of alternatives to PoPToP such as OpenVPN.

RPK.