[Openswan dev] Re: openswan potential DoS in sarge
Rene Mayrhofer
rene.mayrhofer at gibraltar.at
Sun Apr 16 19:04:40 CEST 2006
Hi Moritz, Dear openswan team,
[Since I'm CC'ing the list, this is about the pluto crash fixed with 2.4.0,
see http://lists.openswan.org/pipermail/dev/2005-April/000844.html for the
problem description.]
Am Sunday 16 April 2006 10:18 schrieb Moritz Muehlenhoff:
> Does the crash take out the whole pluto daemon or only single instances
> serving a specific roadwarrior?
The whole pluto daemon goes down and is immediately restarted.
> Does the crash occur after initial authorization / key exchange or can
> arbitrary remote road warriors attempt to cause the crash?
Although I am not sure about it, it seems to happen after authentication. My
logs posted at http://lists.openswan.org/pipermail/dev/2005-April/000844.html
seem to suggest this. So it seems to be secure in the sense that only
authorized users can crash it. However, this is typically also seen as a DoS
(comparable to local privilege escalation bugs).
> Do I understand it correctly, that the crash can't be reproduced with road-
> warriors from stable?
Correct. pluto from testing/unstable triggers it reproducably, but, pluto from
stable does not. But I have heard cases by other users that they experienced
the crash with other implementations too (non-Linux). This is anecdotal - I
don't have any logs showing it.
> At a first glance this doesn't smell like a security problem (but that
> depends on the answers above). Intercompatibility between older and newer
> versions is certainly desirable, but OTOH roadwarriors are under control of
> the local admin as well and can be forced to run stable on their notebooks
> as well.
True, but assuming an adversary, it can be a DoS for large gateways with many
roadwarriors. The logs should reveal the culprit, but it's still denial of
service.
> Upgrading to 2.4.5 isn't an option in either case, it has the potential to
> introduce more regressions and incompatibilities for existing setups, that
> it would fix in this specific use case.
>
> I'd recommend to contact upstream and ask them if they can isolate a patch,
> which fixes the crash. If it's isolated and easily reviewable it may be a
> candidate for important bug fixes entering a Sarge stable update.
Paul, Michael, what do you think? Is the fix to it trivial to backport? I
would feel safer with Debian stable having a pluto daemon that can't be
crashed remotely.
with best regards,
Rene
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20060416/5890673b/attachment.bin
More information about the Dev
mailing list