Date: Thu, 10 Sep 2009 16:19:08 -0700 From: Chris Cowart <ccowart@rescomp.berkeley.edu> To: VANHULLEBUS Yvan <vanhu@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: IPSEC + long UDP causes reproducible crash [was: Crash in ether_input] Message-ID: <20090910231908.GD37291@hal.rescomp.berkeley.edu> In-Reply-To: <20090910081337.GA66528@zeninc.net> References: <20090904223123.GD16213@hal.rescomp.berkeley.edu> <723505E9-96C6-401C-A844-3D9BA2033795@neville-neil.com> <20090907191001.GA37291@hal.rescomp.berkeley.edu> <54FDC10A-EAE3-4AE2-BF36-2C5F7D141C3A@neville-neil.com> <20090910073739.GB37291@hal.rescomp.berkeley.edu> <20090910081337.GA66528@zeninc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--3yNHWXBV/QO9xKNm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable VANHULLEBUS Yvan wrote: > On Thu, Sep 10, 2009 at 12:37:39AM -0700, Chris Cowart wrote: >> I have been using i386 and amd64 virtual machines as well as an amd64 >> physical machine; this problem can be reproduced fairly reliably on all >> of them for 7.0 and 7.1 (and we're pretty sure we saw it in 6.x and >> didn't know what it was at the time). >=20 > I fixed in FreeBSD 7.2+ a bug which looks to be related with your > crashes (kernel panic with big packets), could you please try again > with FreeBSD 7.2 and report us the result ? The problem does indeed seem to be gone with 7.2. Given that any unprivileged user could compile and run such a program on an IPSEC-enabled pre-7.2 box and crash the system, isn't this a local DoS exploit that should be fixed in the supported security branches (including 7.1)? --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --3yNHWXBV/QO9xKNm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iQIcBAEBAwAGBQJKqYlsAAoJEC8b9sM8ejXtJxIP/RwdxU/KpDf39Gzt+cYwfY7a FAkG8Us/qWKdhhoERRnHu0MQsFhOCAWSDDcczBDm60B5urbhbec55uROspt7Jrzc cNIcAp9CBGzVwBImbmAgllOIIkLIQZK7HInTCCl0ekjkYYvmyw42b9LSSo4myyQu M/yFjb5HAVjhy2WzcZvrNoZFMOCM9tPHEpx1p4NYybS1tRk8eUvnIi3rkxPTBMFb SjGo7xm6fYBDz8skGLRvzEDJNJf66OqSJwot4Hvu6la73iirGgPnw8kX0LzTSRxb 1btd91keBLx3cnhQJxGD4F7J554ZGAaTXIHYYfc4gVKFcoiC7elZzrsSzaJ0ZA5y zxdyYoJbsV18N9TOMNwkw5kglPzsmdMxYBI4vdE61QrYgLe7vX/2y5hdUmWs7QWk 5NVXoHwkq7WetjxGSzRkeXXkqeXVwwgl2MVfBj909BaMXWQrRy2y8j3FxSq6JLZ2 QJm6cIlsQHMgMUloUlp8LgN1duuzREqfVpXZEeUyFRIVvts/a43wqxfiiOE6Lxqh JkhNi8MeLJoc1BSBsTVmZ29Opa9hGbp0wXEpDoXdrN6TsE1XAb1+zHxJeuZHFi6u pnaWfyYZSmqfctDnmAo9vJGZxtYcvByZYsrpGmsSL4MiThtcpL7R7LibR4BrnAAX Bafw/FPSLr91kYkiwHbc =32dj -----END PGP SIGNATURE----- --3yNHWXBV/QO9xKNm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090910231908.GD37291>