[Openswan Users] Pluto restart caused by incoming packet possible DOS
Erich Titl
erich.titl at think.ch
Thu Apr 30 08:00:12 EDT 2009
Hi everybody
I am new at this list although I am using *swan for quite a number of
years extensively. Today one of my servers had a pluto restart which I
believe I could trace back to an incoming packet from a foreign source.
The log looks like
Apr 30 08:57:27 gatekeeper-internal pluto[1143]: FATAL ERROR: packet
from 80.238.212.245:47156: unable to malloc 0 bytes for message buffer
in comm_handle()
Apr 30 08:57:27 gatekeeper-internal pluto[1143]: forgetting secrets
Apr 30 08:57:27 gatekeeper-internal pluto[1143]:
"IBAG_to_OSTERMUNDIGEN": deleting connection
and so on, pluto would pull down all connections and restart. I looked
at the source and found that a pluto restart will always occur in this
situation. If this can be triggered by a crafted packet this could be
used as a DOS attack aginst OpenSwan installations.
Ah, btw. I am running 2.4.7 wich is not the latest and greatest, but
imposed by the appliance SW (leaf.sourceforge.net). I looked into the
respective code on 2.6.21 and it looked pretty much the same.
regards
Erich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3396 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090430/7d6bf75c/attachment.bin
More information about the Users
mailing list