Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
I attached logs On Sun, 17 Nov 2024 at 17:51, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Sun, Nov 17, 2024 at 03:50:18PM +0200, ?? wrote: > > I think there is an option for DoS and therefore there is an option to > cve > > or to write a patch.. > > W

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Gert Doering
Hi, On Sun, Nov 17, 2024 at 06:16:30PM +0200, ?? wrote: > i attached logs please point out where you see "an option for DoS" in these logs (exactly which line, triggered by what "attack" vector). gert -- "If was one thing all people took for granted, was conviction that if you f

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
I think there is an option for DoS and therefore there is an option to cve or to write a patch.. On Sun, 17 Nov 2024 at 12:03, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Sun, Nov 17, 2024 at 05:45:16AM +0200, ?? wrote: > > I send logs: > > Everything

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-17 Thread Gert Doering
Hi, On Sun, Nov 17, 2024 at 08:18:12AM +0200, ?? wrote: > how to write a patch to fix it? Since there does not seem anything to fix, so far, there is no need to write a patch to fix anything. Johan has written you a long and detailed reply how you can proceed. Start with reading th

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Arne Schwabe
We asked you for many things in the past mails. We expect to do ALL these things to properly report the issue. Not just one of them. E.g. logs of server, usage of a modern version, a description what the DoS vulnerability actually is and so on are still missing. Just sending the client is just

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
On Sun, 17 Nov 2024 at 04:46, נתי שטרן wrote: > hi, > I send logs: > it is hard to say what is wrong in the logs sent. from my point of view - those logs do not indicate any security issue. please try to explain in details why do you think it is security issue. > > > greetings, > Netanel > >

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
Hello, I don't have access to server logs, I sent you the client logs as well as the line pointing to the DoS: TLS Error: TLS key negotiation failed to occur within 5 seconds SIGUSR1[soft,tls-error] received, process restarting On Sun, 17 Nov 2024 at 21:09, Arne Schwabe <a...@rfc25

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
Whatever they ask you to do On Mon, Nov 18, 2024, 08:38 נתי שטרן wrote: > What can I do to assign a CVE? > I attached the CVE team of ISRAEL CERT to conversation > > tnx > > On Mon, 18 Nov 2024 at 9:29, Илья Шипицин <chipits...@gmail.com> wrote: > >> As many details as possible

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
As many details as possible. Configuration file usually helps. Other than that also server side logs are nice to have. As well as the detailed repro steps On Mon, Nov 18, 2024, 08:27 נתי שטרן wrote: > Do you want the configuration file? > > On Mon, 18 Nov 2024 at 9:14, Gert Doering

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
this is configuration: client nobind dev tun remote-cert-tls server remote 103.6.170.21 1194 udp

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
I sent my configuration file On Mon, 18 Nov 2024 at 9:29, Илья Шипицин <chipits...@gmail.com> wrote: > As many details as possible. Configuration file usually helps. > > Other than that also server side logs are nice to have. As well as the > detailed repro steps > > On Mon, Nov 18,

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
What can I do to assign a CVE? I attached the CVE team of ISRAEL CERT to conversation tnx On Mon, 18 Nov 2024 at 9:29, Илья Шипицин <chipits...@gmail.com> wrote: > As many details as possible. Configuration file usually helps. > > Other than that also server side logs are nice to

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
No problem, I understand. it isn't social experiment are 2 different separated questions 1. apply for CVE 2. how to write a PATCH On Sun, 17 Nov 2024 at 17:06, Илья Шипицин <chipits...@gmail.com> wrote: > > > On Sun, 17 Nov 2024 at 16:02, נתי שטרן wrote: > >> How to apply to CVE?

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
having heard that, I still think it is social experiment. both questions are covered with numerous guides. you are not telling what you've tried already and whether there is some particular problem with opening CVE or writing a patch or you just want people to teach you from the beginning. On Sun, 17

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Gert Doering
Hi, On Sun, Nov 17, 2024 at 03:50:18PM +0200, ?? wrote: > I think there is an option for DoS and therefore there is an option to cve > or to write a patch.. What you *think* is only relevant if you can actually *demonstrate* this. Show the DoS - in a way relevant to OpenVPN

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
On Sun, 17 Nov 2024 at 14:51, נתי שטרן wrote: > I think there is an option for DoS and therefore there is an option to cve > or to write a patch.. > On Sun, 17 Nov 2024 at 12:03, Gert Doering <g...@greenie.muc.de> wrote: > did you apply for CVE ? > Hi, >> >> On Sun, N

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread נתי שטרן
How to apply to CVE? netanel On Sun, 17 Nov 2024 at 16:56, Илья Шипицин <chipits...@gmail.com> wrote: > > > On Sun, 17 Nov 2024 at 14:51, נתי שטרן wrote: > > > > >> I think there is an option for DoS and therefore there is an option to >> cve or to write a patch.. >> On

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Илья Шипицин
On Sun, 17 Nov 2024 at 16:02, נתי שטרן wrote: > How to apply to CVE? > sorry, it looks like social experiment. you ask how to write a patch, how to apply for cve. maybe you expect people to be friendly, but I'm not sure people are motivated to teach you. sorry, I quit. I'm sure there are a lot

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-17 Thread Gert Doering
Hi, On Sun, Nov 17, 2024 at 05:45:16AM +0200, ?? wrote: > I send logs: Everything I can see in these logs is intentional - the exponential backoff is there on purpose, to avoid (!) exhausting resources (CPU, disk, ...) if there is a transient failure - as in "it can not succeed now,

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-17 Thread נתי שטרן
Thanks for the tip! On Sun, 17 Nov 2024 at 6:24, tincantech <tincant...@protonmail.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi nsh...@gmail.com > > It is common procedure to keep security concerns to the security@ mailing > list. > > To have your concerns