[iodine-users] New release: 0.7.0 (with security fix)

[Erik Ekman]

Hi all

Believe it or not, there has been some work done in the last four years..
I have been planning to make a new release soon and a newly discovered
security issue made it more urgent.

Versions before the new 0.7.0 are vulnerable to a authentication bypass
issue by an evil client which may process to guess the network ip addresses
and continue setting up the connnection even if the password was incorrect.
If the network information is correct it will be allowed to send traffic
like normal.

The new release also contains some new features:

- Partial IPv6 support (#107)
  Client can connect to iodined through an relaying IPv6
  nameserver. Server only supports IPv4 for now.
  Traffic inside tunnel is IPv4.
- Add socket activation for systemd, by Michael Scherer.
- Add automated lookup of external ip (via -n auto).
- Bugfix for OS X (Can't assign requested address)
- Fix DNS tunneling bug caused by uninitialized variable, #94
- Handle spaces when entering password interactively, fixes #93.
Patch by Hagar.
- Add -R option to set OpenBSD routing domain for the DNS socket.
Patch by laurent at gouloum fr, fixes #95.
- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
- A number of minor patches from Frank Denis, Gregor Herrmann and
Barak A. Pearlmutter.
- Testcase compilation fixes for OS X and FreeBSD
- Do not let sockets be inherited by sub-processes, fixes #99.
- Add unspecified RR type (called PRIVATE; id 65399, in private use
range). For servers with RFC3597 support. Fixes #97.
- Fix authentication bypass vulnerability; found by Oscar Reparaz.

Get the new release now at http://code.kryo.se/iodine/
Download as source, 32/64 bit binaries for windows, or as Android binaries.

/Erik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wpkg.org/pipermail/iodine-users/attachments/20140616/e0bb5576/attachment-0003.html>