FVP-02-006 WP3: Race condition in Ping Sender could expose gateway IP #801

Closed
bakulf opened this issue Apr 7, 2021 · 1 comment
bakulf commented Apr 7, 2021

It was found that Mozilla VPN was prone to a race condition vulnerability in the Ping
Sender that frequently delivers ICMP packets to the internal IP address of the
WireGuard gateway. Shortly after turning the VPN off, those ICMP packets are at risk of
being sent outside of the WireGuard tunnel and might reveal which gateway IP was
used. Since this event is very rare and unreliable, whilst information leakage is
additionally scarce, this issue is of purely informational nature.

┆Issue is synchronized with this Jira Task

@bakulf bakulf added p3 Low Criticality Issues audit-issue labels Apr 7, 2021

bakulf commented Apr 8, 2021

As it said, this is a race condition. Note that we do delete the PingSender when the disconnection is about to happen (and not after), but it could be that this is not enough.

@bakulf bakulf modified the milestone: v2.2 Apr 9, 2021
@bakulf bakulf added this to Backlog in v2.2 🚀 Apr 12, 2021
@lesleyjanenorton lesleyjanenorton added this to Triage parking lot in Mozilla VPN Product Board Apr 14, 2021
@lesleyjanenorton lesleyjanenorton moved this from Triage parking lot to Backlog in Mozilla VPN Product Board Apr 14, 2021
@birdsarah birdsarah added this to the Release v2.3 milestone Apr 16, 2021
oskirby added a commit to oskirby/mozilla-vpn-client that referenced this issue Apr 30, 2021
There is a potential race condition when sending ICMP pings for
connection health monitoring where closing the tunnel could result
in exposure of the gateway IP address. By binding to the source
address when sending a ping, we should prevent this from occurring.

See: mozilla-mobile#801
oskirby added a commit to oskirby/mozilla-vpn-client that referenced this issue May 1, 2021
There is a potential race condition when sending ICMP pings for
connection health monitoring where closing the tunnel could result
in exposure of the gateway IP address. By binding to the source
address when sending a ping, we should prevent this from occurring.

See: mozilla-mobile#801
@bakulf bakulf closed this as completed in 53ab591 May 6, 2021
Mozilla VPN Product Board automation moved this from Backlog to Done/Merged May 6, 2021
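
The mitigation named in the commit messages above (bind to the source address before sending), shown as an added example that is not code from mozilla-vpn-client: once the pinned address is no longer assigned to a local interface, `bind()` fails and nothing is sent, whereas a wildcard source lets the kernel pick whatever route exists. Assumptions: UDP stands in for ICMP so the demo runs unprivileged, the function names are hypothetical, and the constructed address 192.0.2.1 (TEST-NET-1) plays the role of a tunnel address that has already been removed.

```cpp
// Added illustration; names and addresses are constructed for the demo.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>

// Open a datagram socket pinned to source_ip. Returns the fd, or -errno
// (-EADDRNOTAVAIL when source_ip is not assigned to any local interface).
int open_bound_socket(const char* source_ip) {
  sockaddr_in src{};
  src.sin_family = AF_INET;
  if (inet_pton(AF_INET, source_ip, &src.sin_addr) != 1) return -EINVAL;
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0) return -errno;
  if (bind(fd, reinterpret_cast<sockaddr*>(&src), sizeof(src)) != 0) {
    int err = errno;
    close(fd);
    return -err;
  }
  return fd;
}

// Send one probe to gateway_ip from source_ip. Returns 0, or -errno.
// The probe is refused before any packet is built if the source is gone.
int send_probe(const char* source_ip, const char* gateway_ip) {
  sockaddr_in dst{};
  dst.sin_family = AF_INET;
  dst.sin_port = htons(9);  // discard port, placeholder for the demo
  if (inet_pton(AF_INET, gateway_ip, &dst.sin_addr) != 1) return -EINVAL;
  int fd = open_bound_socket(source_ip);
  if (fd < 0) return fd;  // fail closed: no fallback to another source
  const char payload[] = "probe";
  ssize_t n = sendto(fd, payload, sizeof(payload), 0,
                     reinterpret_cast<sockaddr*>(&dst), sizeof(dst));
  int rc = (n < 0) ? -errno : 0;
  close(fd);
  return rc;
}

int main() {
  // Tunnel address already removed: the probe must be rejected locally.
  int rc = send_probe("192.0.2.1", "192.0.2.2");
  std::printf("pinned source gone -> rc=%d (%s)\n", rc,
              rc == -EADDRNOTAVAIL ? "not sent" : "unexpected");
  return rc == -EADDRNOTAVAIL ? 0 : 1;
}
```
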