*** This bug is a security vulnerability ***

Public security bug reported:

On multiple machines running Ubuntu 18.04 (stunnel4 3:5.44-1ubuntu3), I
am experiencing stunnel crashes seemingly caused by an attacker sending
an invalid handshake of some sort.

Aug 23 14:23:23 callisto stunnel[6302]: LOG5[599]: Service [btsync] accepted connection from ::ffff:23.225.177.161:61844
Aug 23 14:23:24 callisto stunnel[6302]: INTERNAL ERROR: Bad magic at ssl.c, line 117

Oct 07 18:21:10 elara stunnel[5718]: LOG5[1173]: Service [btsync] accepted connection from ::ffff:172.247.55.206:52036
Oct 07 18:21:11 elara stunnel[5718]: INTERNAL ERROR: Bad magic at ssl.c, line 117

Oct 07 21:07:40 callisto stunnel[15207]: LOG5[343]: Service [btsync] accepted connection from ::ffff:23.225.121.126:58374
Oct 07 21:07:40 callisto stunnel[15207]: INTERNAL ERROR: Bad magic at ssl.c, line 117

I suspect this to be an intentional (and successful) denial-of-service
attack.

Please let me know what other information I can usefully provide.

** Affects: stunnel4 (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275

Title:
  stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
  vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
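
A log check for the pattern in the report above, where each "INTERNAL ERROR: Bad magic" line follows a connection accepted by the same stunnel process within about a second. This is an added example, not part of the original report or of stunnel; the 5-second window, the function names and the sample lines (which use documentation addresses) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the report's log lines; the peers are
# documentation addresses (RFC 5737), not the addresses from the report.
SAMPLE_LOG = """\
Aug 23 14:20:01 callisto stunnel[6302]: LOG5[598]: Service [btsync] accepted connection from ::ffff:192.0.2.10:40000
Aug 23 14:23:23 callisto stunnel[6302]: LOG5[599]: Service [btsync] accepted connection from ::ffff:203.0.113.7:61844
Aug 23 14:23:24 callisto stunnel[6302]: INTERNAL ERROR: Bad magic at ssl.c, line 117
Oct 07 18:21:10 elara stunnel[5718]: LOG5[1173]: Service [btsync] accepted connection from ::ffff:198.51.100.9:52036
Oct 07 18:30:00 elara stunnel[5718]: INTERNAL ERROR: Bad magic at ssl.c, line 117
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) stunnel\[(\d+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[([^\]]+)\] accepted connection from (\S+):(\d+)$")
CRASH = re.compile(r"^INTERNAL ERROR: (.+) at (\S+), line (\d+)$")

def parse_ts(text):
    # Syslog timestamps carry no year; a fixed leap year is assumed (deltas only).
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")

def correlate(log_text, window=timedelta(seconds=5)):
    """Pair each stunnel INTERNAL ERROR with the last connection accepted by
    the same host and PID no more than `window` earlier."""
    last_accept = {}   # (host, pid) -> (timestamp, service, peer)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        ts, host, pid, msg = parse_ts(m.group(1)), m.group(2), int(m.group(3)), m.group(4)
        a = ACCEPT.search(msg)
        if a:
            last_accept[(host, pid)] = (ts, a.group(1), a.group(2))
            continue
        c = CRASH.match(msg)
        if c:
            prev = last_accept.get((host, pid))
            hit = prev is not None and timedelta(0) <= ts - prev[0] <= window
            findings.append({
                "host": host, "pid": pid, "error": c.group(1),
                "service": prev[1] if hit else None,
                "peer": prev[2] if hit else None,
            })
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

A finding with `peer` set to `None` is a crash with no accepted connection inside the window, which is worth triaging separately from the handshake pattern.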
