Today's Automation News Headlines from Automation.com
Mu Dynamics finds open source VPN vulnerability
September 22, 2008

Mu Dynamics discovered and helped remediate a dangerous 0-day vulnerability within strongSwan's IKEv2 implementation. strongSwan is an open source IPsec-based virtual private network (VPN) solution for the Linux operating system.

IPsec-based VPNs secure corporate VoIP, email, web, IPTV and other IP-based services over public network infrastructures. A precise sequence of complex events (the IKEv2 protocol) is required to establish VPN connectivity. strongSwan includes an Internet Key Exchange version 2 (IKEv2) implementation to authenticate users and establish session keys, enabling Internet Protocol (IP) traffic to be encrypted and/or digitally signed within IPsec-based VPNs. Mu Labs discovered that an unauthenticated anonymous attacker could crash a strongSwan-based VPN terminator or other IPsec device using only the very first IKEv2 packet.

"The best defense against this 0-day vulnerability is to immediately upgrade to the patched version of strongSwan," said Thomas Maufer, Mu Dynamics Director of Technical Marketing. "The Mu Labs development team appreciates strongSwan's extremely rapid response time in producing a fix to this serious bug in just one day."

Other IKEv2 implementations are at least as complex and thus likely vulnerable to similar failures. In order to prevent IPsec VPN service downtime from similar software weaknesses in complex code, IKEv2 implementations must be subjected to variations on real-world service-level traffic throughout the deployment life cycle. For both operators offering IPsec VPN services and their vendors, products must continuously prove they can tolerate unexpected or invalid inputs without experiencing service degradation or downtime.

Technical Background

Affected Products/Versions: strongSwan 4.2.6 and other branches

Product Overview: strongSwan is an open source IPsec-based VPN solution for the Linux operating system.

Vulnerability Details: An IKE_SA_INIT message with a Key Exchange payload containing a large number of NULL (zero) values can cause a crash of the IKEv2 charon daemon. The problem is that strongSwan dereferences a NULL pointer returned by the mpz_export() function of the GNU Multiple Precision Arithmetic Library (GMP).

Vendor Response/Solution: Fixed in strongSwan 4.2.7 and other branches.

History:
First contact with vendor: September 16, 2008
Vendor releases fix: September 17, 2008

About Mu Dynamics

Mu Dynamics proactively eliminates the high cost of service, application and network downtime. Mu's solution automates a systematic and repeatable process that identifies hard-to-detect sources of potential downtime within IP services, applications, and underlying networks. The award-winning Mu solution is deployed at more than 100 locations, primarily at leading global service providers, cable operators and network product vendors. Headquartered in Sunnyvale, California, Mu is backed by leading venture capital firms that include Accel Partners, Benchmark Capital, DAG Ventures and Focus Ventures.
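The failure described under Vulnerability Details comes down to an input-validation gap in front of a bignum library: a Key Exchange payload that is all zero bytes converts to the integer 0, and GMP's mpz_export() returns NULL rather than an allocated block when asked to export the value 0 into a NULL destination, so a caller that assumes a non-NULL result crashes. The C program below is an added example written for this page, not strongSwan's code and not its actual fix. It parses an IKEv2 KE payload (layout per RFC 4306 section 3.4: generic header, DH group number, reserved, key exchange data), checks the declared length against the expected size for a few well-known MODP groups, and rejects the trivial public values 0 and 1 before anything is handed to a bignum routine. The helper names (check_ke_payload, build_ke_payload, check_constructed_sample) and the sample payloads are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not strongSwan code: defensive checks for an IKEv2 Key
 * Exchange (KE) payload before its public value reaches a bignum library.
 * An all-zero value is the integer 0; GMP's mpz_export() returns NULL for 0
 * when given a NULL destination, and dereferencing that pointer crashes. */

#define KE_HDR_LEN 8   /* generic header (4) + DH group (2) + reserved (2) */

enum ke_status {
    KE_OK = 0,
    KE_TRUNCATED,      /* buffer shorter than the header or the declared length */
    KE_BAD_LENGTH,     /* declared length inconsistent with the DH group */
    KE_UNKNOWN_GROUP,  /* DH group not in our small table */
    KE_TRIVIAL_VALUE   /* public value 0 or 1: malformed and cryptographically useless */
};

/* Expected key exchange data size (bytes) for the MODP groups accepted here. */
static size_t modp_len(uint16_t group)
{
    switch (group) {
    case 1:  return 96;   /* 768-bit MODP */
    case 2:  return 128;  /* 1024-bit MODP */
    case 5:  return 192;  /* 1536-bit MODP */
    case 14: return 256;  /* 2048-bit MODP */
    default: return 0;
    }
}

enum ke_status check_ke_payload(const uint8_t *buf, size_t buf_len)
{
    if (buf_len < KE_HDR_LEN)
        return KE_TRUNCATED;
    size_t plen = ((size_t)buf[2] << 8) | buf[3];                 /* length incl. header */
    uint16_t group = (uint16_t)(((unsigned)buf[4] << 8) | buf[5]);
    if (plen < KE_HDR_LEN)
        return KE_BAD_LENGTH;
    if (plen > buf_len)
        return KE_TRUNCATED;                                        /* trust the wire, not the header */
    size_t want = modp_len(group);
    if (want == 0)
        return KE_UNKNOWN_GROUP;
    if (plen - KE_HDR_LEN != want)
        return KE_BAD_LENGTH;

    /* Reject y == 0 and y == 1 (big-endian): skip leading zero bytes and look
     * at the last byte. A full 1 < y < p-1 check would also need the group prime. */
    const uint8_t *y = buf + KE_HDR_LEN;
    size_t i = 0;
    while (i < want - 1 && y[i] == 0)
        i++;
    if (i == want - 1 && y[i] <= 1)
        return KE_TRIVIAL_VALUE;
    return KE_OK;
}

/* Build a KE payload into out; returns total bytes written, or 0 on overflow. */
size_t build_ke_payload(uint8_t *out, size_t cap, uint16_t group,
                        const uint8_t *y, size_t ylen)
{
    size_t total = KE_HDR_LEN + ylen;
    if (total > cap || total > 0xffff)
        return 0;
    out[0] = 0;                          /* next payload: none (constructed sample) */
    out[1] = 0;                          /* critical bit clear, reserved bits zero */
    out[2] = (uint8_t)(total >> 8);
    out[3] = (uint8_t)(total & 0xff);
    out[4] = (uint8_t)(group >> 8);
    out[5] = (uint8_t)(group & 0xff);
    out[6] = 0;
    out[7] = 0;                          /* reserved */
    memcpy(out + KE_HDR_LEN, y, ylen);
    return total;
}

/* Constructed samples: 0 valid, 1 all-zero data, 2 truncated on the wire,
 * 3 value exactly 1, 4 data length wrong for the declared group. */
enum ke_status check_constructed_sample(int kind)
{
    uint8_t y[128];
    uint8_t pkt[KE_HDR_LEN + 128];
    size_t n;
    memset(y, 0, sizeof y);
    switch (kind) {
    case 0:
        for (size_t k = 0; k < sizeof y; k++)
            y[k] = (uint8_t)(0x31 + k * 7);   /* arbitrary nonzero filler */
        n = build_ke_payload(pkt, sizeof pkt, 2, y, sizeof y);
        return check_ke_payload(pkt, n);
    case 1:
        n = build_ke_payload(pkt, sizeof pkt, 2, y, sizeof y);
        return check_ke_payload(pkt, n);
    case 2:
        n = build_ke_payload(pkt, sizeof pkt, 2, y, sizeof y);
        return check_ke_payload(pkt, n - 40);  /* header claims 136 bytes, only 96 arrived */
    case 3:
        y[sizeof y - 1] = 1;
        n = build_ke_payload(pkt, sizeof pkt, 2, y, sizeof y);
        return check_ke_payload(pkt, n);
    case 4:
        n = build_ke_payload(pkt, sizeof pkt, 14, y, sizeof y);  /* group 14 needs 256 bytes */
        return check_ke_payload(pkt, n);
    default:
        return KE_BAD_LENGTH;
    }
}

int main(void)
{
    static const char *names[] = {"valid", "all-zero", "truncated", "value-1", "wrong-length"};
    for (int k = 0; k < 5; k++)
        printf("%-12s -> status %d\n", names[k], (int)check_constructed_sample(k));
    return 0;
}
```

The point for a responder (IKE_SA_INIT is the first, unauthenticated message of the exchange) is that every length and every value in it must be validated against the wire, not against what the header claims; the trivial-value check also doubles as a cryptographic sanity check, since a peer value of 0 or 1 yields a predictable shared secret. The same pattern (reject before convert, check the return value after) applies to any bignum or parsing call that can legitimately return NULL.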