[Openswan dev] Re: openswan potential DoS in sarge

Rene Mayrhofer rene.mayrhofer at gibraltar.at
Wed Apr 26 12:13:50 CEST 2006


On Wednesday 26 April 2006 10:52, Martin Schulze wrote:
> Rene Mayrhofer wrote:
> > [Since I'm CC'ing the list, this is about the pluto crash fixed with
> > 2.4.0, see http://lists.openswan.org/pipermail/dev/2005-April/000844.html
> > for the problem description.]
> >
> > On Sunday 16 April 2006 10:18, Moritz Muehlenhoff wrote:
> > > Does the crash take out the whole pluto daemon or only single instances
> > > serving a specific roadwarrior?
> >
> > The whole pluto daemon goes down and is immediately restarted.
>
> In that case there is no denial of service and it doesn't sound
> as if we need to fix anything.
It's still a DoS, because any other IPSec tunnels connected at the same time 
will be terminated. And if that host is not the initiator of the tunnels, or 
if they have been started manually (i.e. not via auto=start), or if the peers 
are road warriors, then the other side will need to reconnect. 
And if there's some peer running a new openswan version and set to retry 
indefinitely (the default), then it is constantly crashing the pluto daemon 
and causing a DoS for all other tunnels.

> However, if it's a segmentation fault (contrary to a termination
> induced by a failed assertion), it would be helpful to know where
> the problem is indeed since it would be good to find out whether
> it is possible to inject arbitrary code.
I haven't looked at that.

with best regards,
Rene

-- 
-------------------------------------------------
Gibraltar firewall       http://www.gibraltar.at/