[Openswan dev] Re: openswan potential DoS in sarge

Rene Mayrhofer rene.mayrhofer at gibraltar.at
Sun Apr 16 19:04:40 CEST 2006

Hi Moritz, Dear openswan team,

[Since I'm CC'ing the list, this is about the pluto crash fixed with 2.4.0, 
see http://lists.openswan.org/pipermail/dev/2005-April/000844.html for the 
problem description.]

Am Sunday 16 April 2006 10:18 schrieb Moritz Muehlenhoff:
> Does the crash take out the whole pluto daemon or only single instances
> serving a specific roadwarrior?
The whole pluto daemon goes down and is immediately restarted.

> Does the crash occur after initial authorization / key exchange or can
> arbitrary remote road warriors attempt to cause the crash?
Although I am not sure about it, it seems to happen after authentication. My 
logs posted at http://lists.openswan.org/pipermail/dev/2005-April/000844.html
seem to suggest this. So it seems to be secure in the sense that only 
authorized users can crash it. However, this is typically also seen as a DoS 
(comparable to local privilege escalation bugs).

> Do I understand it correctly, that the crash can't be reproduced with road-
> warriors from stable?
Correct. pluto from testing/unstable triggers it reproducably, but, pluto from 
stable does not. But I have heard cases by other users that they experienced 
the crash with other implementations too (non-Linux). This is anecdotal - I 
don't have any logs showing it.

> At a first glance this doesn't smell like a security problem (but that
> depends on the answers above). Intercompatibility between older and newer
> versions is certainly desirable, but OTOH roadwarriors are under control of
> the local admin as well and can be forced to run stable on their notebooks
> as well.
True, but assuming an adversary, it can be a DoS for large gateways with many 
roadwarriors. The logs should reveal the culprit, but it's still denial of 

> Upgrading to 2.4.5 isn't an option in either case, it has the potential to
> introduce more regressions and incompatibilities for existing setups, that
> it would fix in this specific use case.
> I'd recommend to contact upstream and ask them if they can isolate a patch,
> which fixes the crash. If it's isolated and easily reviewable it may be a
> candidate for important bug fixes entering a Sarge stable update.
Paul, Michael, what do you think? Is the fix to it trivial to backport? I 
would feel safer with Debian stable having a pluto daemon that can't be 
crashed remotely.

with best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20060416/5890673b/attachment.bin

More information about the Dev mailing list