IPSEC + long UDP causes reproducible crash [was: Crash in ether_input]

Chris Cowart ccowart at rescomp.berkeley.edu
Thu Sep 10 23:19:09 UTC 2009


VANHULLEBUS Yvan wrote:
> On Thu, Sep 10, 2009 at 12:37:39AM -0700, Chris Cowart wrote:
>> I have been using i386 and amd64 virtual machines as well as an amd64
>> physical machine; this problem can be reproduced fairly reliably on all
>> of them for 7.0 and 7.1 (and we're pretty sure we saw it in 6.x and
>> didn't know what it was at the time).
> 
> I fixed in FreeBSD 7.2+ a bug which looks to be related to your
> crashes (kernel panic with big packets), could you please try again
> with FreeBSD 7.2 and report the result to us?

The problem does indeed seem to be gone with 7.2.

Given that any unprivileged user could compile and run such a program on
an IPSEC-enabled pre-7.2 box and crash the system, isn't this a local
DoS exploit that should be fixed in the supported security branches
(including 7.1)?

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley