Package: openswan
Version: 1:2.2.0-8
Severity: important

We have an IPsec gateway running kernel 2.4.27-2-686 with openswan 2.2
and openswan-modules 2.4.27-2-686. Whenever some tunnel peers
running kernel 2.6.8-2-686 and openswan 2.4 and the corresponding
modules try to connect to the gateway, pluto dies with a segmentation
fault and gets restarted every three to four minutes:

ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 1:  1330 Segmentation fault     
 /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir 
/etc/ipsec.d --debug-none --uniqueids
ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
ipsec__plutorun: restarting IPsec after pause...

During the crash-restart time all the other tunnels served by the
gateway are naturally down too.

I think this can possibly also be used as a denial of service attack.

Maybe the severity should be raised.

Christoph

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages openswan depends on:
ii  bsdmainutils             6.0.17          collection of more utilities from 
ii  debianutils              2.8.4           Miscellaneous utilities specific t
ii  gawk                     1:3.1.4-2       GNU awk, a pattern scanning and pr
ii  host                     20000331-9      utility for querying DNS servers
ii  iproute                  20041019-3      Professional tools to control the 
ii  ipsec-tools              1:0.5.2-1sarge1 IPsec tools for Linux
ii  libc6                    2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libgmp3                  4.1.4-6         Multiprecision arithmetic library
ii  libssl0.9.7              0.9.7e-3sarge1  SSL shared libraries
ii  makedev                  2.3.1-77        creates device files in /dev
ii  openssl                  0.9.7e-3sarge1  Secure Socket Layer (SSL) binary a

-- debconf information:
  openswan/existing_x509_key_filename:
  openswan/x509_state_name:
  openswan/x509_email_address:
  openswan/x509_country_code: AT
  openswan/x509_self_signed: true
  openswan/rsa_key_length: 2048
* openswan/restart: false
* openswan/start_level: earliest
* openswan/enable-oe: false
  openswan/x509_organizational_unit:
  openswan/x509_locality_name:
  openswan/existing_x509_certificate: false
  openswan/existing_x509_certificate_filename:
  openswan/x509_common_name:
* openswan/create_rsa_key: false
  openswan/rsa_key_type: x509
  openswan/x509_organization_name:

