Perhaps interesting,

Short information: 6tunnel below 0.09 is insecure and should be
updated asap.

        Peter, with credits to "from" in forwarded message


---------- Forwarded Message ----------
Date: Tuesday, October 23, 2001 05:48:08 PM +0200
From: awayzzz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Remote DoS in 6tunnel

> 
> SUMMARY
> 6tunnel is a simple tunneling program for applications that don't
> speak IPv6. It's mostly used as an IRC proxy for clients without IPv6
> support. A serious vulnerability in this program allows any user to
> crash 6tunnel locally and in some cases remotely.
> 
> SYSTEM / VERSIONS AFFECTED
> Older versions.
> 6tunnel 0.06
> 6tunnel 0.07
> Version 0.07 should be included in the latest version of FreeBSD
> ports and NetBSD. It's even included by default in PLD (
> http://www.pld.org.pl/ ). Version 0.08 has a wrong fix.
> 
> IMMUNE VERSIONS
> 6tunnel 0.09
> 
> DETAILED DESCRIPTION
> The socket opened when the client connects to 6tunnel is not
> correctly closed at the end of the connection: in some cases, when the
> connection is closed by the server (i.e. on IRC with a quit command,
> the IRC server closes the connection) the socket will be closed
> after a short timeout. But if it's closed after a client
> disconnection, the socket remains in state CLOSE (as you can see
> with netstat) until 6tunnel is killed or stopped. So when flooding
> 6tunnel with connections/disconnections, a lot of sockets are
> left unclosed, and after a variable number of connections (depending on
> OS, system, etc.) 6tunnel will crash. Clients that were already
> connected before the crash won't be disconnected, but it's not
> possible to make new connections. In order to crash 6tunnel
> remotely we must only be able to establish a connection.
> 
> OTHER INFORMATION:
> I reported this bug one week ago. After a few hours the official
> maintainer <[EMAIL PROTECTED]> released a new version (6tunnel-0.08).
> This version was broken, so I reported it with a working fix, and
> after a few days the corrected version (6tunnel-0.09) was released.
> This new version even fixes some memory leaks. You can find it
> here: ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
> 
> A simple IPv4/IPv6 connection flooder to demonstrate the DoS is
> attached.
> 
> Excuse me for my poor English.
> Regards.
> --
> awayzzz <[EMAIL PROTECTED]> 

---------- End Forwarded Message ----------
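
The descriptor leak described in the forwarded advisory, shown as the corrected pattern in an added example (not 6tunnel's source and not part of the original message): a relay loop that closes both sockets whichever side disconnects first. The names `relay`, `pump` and `relay_closes_both` are hypothetical, and the self-check uses constructed local socketpairs instead of a network connection.

```c
/* Added illustration; not 6tunnel source. All names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy one chunk from `from` to `to`; -1 means the peer is gone. */
static int pump(int from, int to) {
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    if (n <= 0) return -1;                       /* EOF or read error */
    for (ssize_t off = 0; off < n; ) {
        /* MSG_NOSIGNAL: a dead peer yields EPIPE, not a fatal SIGPIPE */
        ssize_t w = send(to, buf + off, (size_t)(n - off), MSG_NOSIGNAL);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) return -1;
        off += w;
    }
    return 0;
}

/* Relay until either side closes, then release BOTH descriptors. */
void relay(int client, int server) {
    for (;;) {
        fd_set rd;
        FD_ZERO(&rd); FD_SET(client, &rd); FD_SET(server, &rd);
        int maxfd = client > server ? client : server;
        if (select(maxfd + 1, &rd, NULL, NULL, NULL) < 0) {
            if (errno == EINTR) continue;
            break;
        }
        if (FD_ISSET(client, &rd) && pump(client, server) < 0) break;
        if (FD_ISSET(server, &rd) && pump(server, client) < 0) break;
    }
    close(client);   /* runs on every exit path, including client hang-up */
    close(server);
}

/* Self-check on constructed socketpairs: returns 1 if relay() closed both fds. */
int relay_closes_both(int server_hangs_up) {
    int c[2], s[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, c) != 0) return 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) != 0) return 0;
    close(server_hangs_up ? s[0] : c[0]);        /* one peer disconnects */
    relay(c[1], s[1]);
    int ok = fcntl(c[1], F_GETFD) == -1 && fcntl(s[1], F_GETFD) == -1;
    close(server_hangs_up ? c[0] : s[0]);
    return ok;
}
```

On a running proxy, the same condition can be checked from outside by watching whether the process's open descriptor count returns to its baseline after clients disconnect.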


