Comment 29 for bug 1847275

Juan Amores (juanamm) wrote : Re: [Bug 1847275] Re: stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS vulnerability

Hello everyone and especially the admins of this list.
I have tried to unsubscribe from this list and I can't do it because it
asks me for the password.
I have already requested a reminder of my password but the email does not
arrive.

Please tell me the steps to follow with this.

Thanks a lot.

On Tue, 21 Dec 2021 at 11:05, Lars Kollstedt (<email address hidden>)
wrote:

> I also think CVE-2021-20230 and this bug are probably two different
> things. But Steve Arnold is also addressing CVE-2021-20230 in
> Comment#25, and it's still considered unfixed on
> https://ubuntu.com/security/CVE-2021-20230. So there is a relation to
> this CVE, but CVE-2021-20230 is not describing this bug.
>
> This bug should be worth a CVE, but I didn't find one really describing
> this yet. I'm trying one of Steve Arnold's packages now, since I was
> experiencing crashes due to this bug almost every day.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1847275
>
> Title:
> stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
> vulnerability
>
> Status in stunnel4 package in Ubuntu:
> Confirmed
>
> Bug description:
> On multiple machines running Ubuntu 18.04 (stunnel4 3:5.44-1ubuntu3),
> I am experiencing stunnel crashes seemingly caused by an attacker
> sending an invalid handshake of some sort.
>
> Aug 23 14:23:23 callisto stunnel[6302]: LOG5[599]: Service [btsync] accepted connection from ::ffff:23.225.177.161:61844
>
> Aug 23 14:23:24 callisto stunnel[6302]: INTERNAL ERROR: Bad magic at ssl.c, line 117
>
> Oct 07 18:21:10 elara stunnel[5718]: LOG5[1173]: Service [btsync] accepted connection from ::ffff:172.247.55.206:52036
>
> Oct 07 18:21:11 elara stunnel[5718]: INTERNAL ERROR: Bad magic at ssl.c, line 117
>
> Oct 07 21:07:40 callisto stunnel[15207]: LOG5[343]: Service [btsync] accepted connection from ::ffff:23.225.121.126:58374
>
> Oct 07 21:07:40 callisto stunnel[15207]: INTERNAL ERROR: Bad magic at ssl.c, line 117
>
> I suspect this to be an intentional (and successful) denial-of-service
> attack.
>
> Please let me know what other information I can usefully provide.