Bug ID 678380: Deleting an IKEv1 peer in current use could SEGV on race conditions.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3

Fixed In:
14.0.0, 13.1.1.4, 12.1.3.7

Opened: Aug 14, 2017

Severity: 2-Critical

Related Article: K26023811

Symptoms

When an IKEv1 peer is deleted or updated, the IKEv1 racoon daemon can intermittently crash with a SIGSEGV under some race conditions.

Impact

If the problem occurs, the IKEv1 racoon daemon restarts and interrupts IPsec traffic.

Conditions

A peer using IKEv1 is updated or deleted while the IKEv1 racoon daemon is performing operations related to that peer.

Workaround

None.

Fix Information

The system now checks whether the old peer definition is valid when navigating from phase-one SAs to the IKEv1 peer definition.
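The kind of validity check described above, as an added illustration that is not F5's or racoon's code: a phase-one SA holds a slot-plus-generation handle instead of a raw pointer, so navigating to a deleted or replaced peer definition returns NULL rather than touching stale memory. All names here (peer_def, ph1_sa, sa_peer and the generation scheme) are assumptions.

```c
#include <stdio.h>

#define MAX_PEERS 8
/* Hypothetical peer definition; 'gen' changes whenever the slot is deleted or reused. */
struct peer_def { int in_use; unsigned gen; char name[32]; };
/* Hypothetical phase-one SA: stores a handle (slot + generation), not a raw pointer. */
struct ph1_sa { int slot; unsigned gen; };

static struct peer_def peers[MAX_PEERS];

/* Create a definition in a free slot; returns the slot index or -1 if full. */
int peer_add(const char *name) {
    for (int i = 0; i < MAX_PEERS; i++) {
        if (!peers[i].in_use) {
            peers[i].in_use = 1;
            peers[i].gen++;
            snprintf(peers[i].name, sizeof peers[i].name, "%s", name);
            return i;
        }
    }
    return -1;
}

/* Delete: bumping the generation invalidates every outstanding handle. */
void peer_delete(int slot) {
    if (slot < 0 || slot >= MAX_PEERS || !peers[slot].in_use) return;
    peers[slot].in_use = 0;
    peers[slot].gen++;
}

/* Bind a new SA to the current definition; 'slot' must come from peer_add(). */
struct ph1_sa sa_bind(int slot) {
    return (struct ph1_sa){ slot, peers[slot].gen };
}

/* Navigate SA -> peer definition; NULL if it was deleted or replaced. */
const struct peer_def *sa_peer(const struct ph1_sa *sa) {
    if (sa->slot < 0 || sa->slot >= MAX_PEERS) return NULL;
    const struct peer_def *p = &peers[sa->slot];
    return (p->in_use && p->gen == sa->gen) ? p : NULL;
}

int main(void) {
    int slot = peer_add("peer-a");            /* constructed sample name */
    struct ph1_sa sa = sa_bind(slot);
    printf("before delete: %s\n", sa_peer(&sa) ? "valid" : "stale");
    peer_delete(slot);                        /* peer removed while the SA still exists */
    printf("after delete:  %s\n", sa_peer(&sa) ? "valid" : "stale");
    return 0;
}
```

An update modeled as delete-then-add reuses the slot with a new generation, so an SA bound to the old definition is also reported stale.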

Behavior Change
