Re: [Bug 1847275] Re: stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS vulnerability

2021-12-21 Thread Juan Amores 
Hello everyone and especially the admins of this list.
I have tried to unsubscribe from this list and I can't do it because it
asks me for the password.
I have already requested a reminder of my password but the email does not
arrive.

Please tell me the steps to follow with this.

Thanks a lot.

El mar, 21 dic 2021 a las 11:05, Lars Kollstedt (<1847...@bugs.launchpad.net>)
escribió:

> I also think CVE-2021-20230 and this bug are probably two different
> things. But Steve Arnold is also addressing CVE-2021-20230 in
> Comment#25, and it's still considered unfixed on
> https://ubuntu.com/security/CVE-2021-20230. So there is a a relation to
> this CVE, but CVE-2021-20230 is not describing this bug.
>
> This Bug should be worth a CVE, but I did't find one really describing
> this, yet. I'm trying one of Steves Arnolds Packages, now. Since I was
> experiencing crashes due this bug almost every day.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1847275
>
> Title:
>   stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
>   vulnerability
>
> Status in stunnel4 package in Ubuntu:
>   Confirmed
>
> Bug description:
>   On multiple machines running Ubuntu 18.04 (stunnel4 3:5.44-1ubuntu3),
>   I am experiencing stunnel crashes seemingly caused by an attacker
>   sending an invalid handshake of some sort.
>
>   Aug 23 14:23:23 callisto stunnel[6302]: LOG5[599]: Service [btsync]
> accepted connection from :::23.225.177.161:61844
>
>   Aug 23 14:23:24 callisto stunnel[6302]: INTERNAL ERROR: Bad magic at
> ssl.c, line 117
>
>   Oct 07 18:21:10 elara stunnel[5718]: LOG5[1173]: Service [btsync]
> accepted connection from :::172.247.55.206:52036
>
>   Oct 07 18:21:11 elara stunnel[5718]: INTERNAL ERROR: Bad magic at ssl.c,
> line 117
>
>   Oct 07 21:07:40 callisto stunnel[15207]: LOG5[343]: Service [btsync]
> accepted connection from :::23.225.121.126:58374
>
>   Oct 07 21:07:40 callisto stunnel[15207]: INTERNAL ERROR: Bad magic at
> ssl.c, line 117
>
>   I suspect this to be an intentional (and successful) denial-of-service
>   attack.
>
>   Please let me know what other information I can usefully provide.
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions
>
>

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275

Title:
  stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
  vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1847275] Re: stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS vulnerability

2020-06-23 Thread Juan Amores 
I made a more radical decision, I upgraded to 20.04 LTS (focal), installed 
Stunnel 5.56 and so far I have not had any crashes.
For those who want and can do this upgrade, I recommend them, since not only is 
Stunnel updated, but also OpenSSL.
For newbies like me I share the commands:

sudo apt update
sudo apt upgrade
sudo do-release-upgrade -d

After that the Stunnel looks like this:

root@ip-x:/home/ubuntu# stunnel -v
[ ] Clients allowed=500
[.] stunnel 5.56 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.1c  28 May 2019
[.] Running  with OpenSSL 1.1.1f  31 Mar 2020
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI 
Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[!] Invalid configuration file name "-v"
[!] realpath: No such file or directory (2)
[ ] Deallocating section defaults

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275

Title:
  stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
  vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1847275] Re: stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS vulnerability

2020-06-20 Thread Juan Amores 
This thread takes several months without solution for Ubuntu 18.04 users.
I recently requested a backport to be able to update Stunnel to its latest 
version.
Stunnel crash continuously and I think the update would help fix this problem.
Please Bionic Backports I request to give priority to my request, which will 
benefit all of us who continue to use Bionic. 
https://bugs.launchpad.net/bionic-backports/+bug/1884279

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275

Title:
  stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
  vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs