Bug ID 678380: Deleting an IKEv1 peer in current use could SEGV on race conditions.

Last Modified: Jan 30, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3

Fixed In:
14.0.0, 13.1.1.4, 12.1.3.7

Opened: Aug 14, 2017
Severity: 2-Critical
Related AskF5 Article:
K26023811

Symptoms

When either deleting a peer in IKEv1 or updating it, this problem causes the v1 racoon daemon to crash with a SIGSEGV under some race conditions, intermittently.

Impact

If the problem occurs, the IKEv1 racoon daemon restarts and interrupts IPsec traffic.

Conditions

This requires a peer using IKEv1, which gets updated or deleted while the IKEv1 racoon daemon is performing operations related to this peer.

Workaround

None.

Fix Information

The system now checks whether the old peer definition is valid when navigating from phase-one SAs to the IKEv1 peer definition.

Behavior Change