This problem was caused by a glitch on the OS side. However, there is a bug in the RW Lock of pthreads included in recent Linux distributions that, when handling thousands of sessions on a single server, would cause all CPUs to suddenly enter a spinlock interactive wait state, consuming an extremely long amount of CPU time, making VPN communication sessions difficult to communicate with, and causing VPN sessions to disconnect due to timeouts. The lock acquisition function called RW Lock (reader/writer lock) used inside the OpenSSL library used by this program calls the lock function provided by the OS (libc, pthread, kernel), but it is not supported in recent Linux distributions.
This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future. When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. Heap area protection of memory has been enhanced.DoS attack prevention function is implemented in SoftEther VPN Server.Removed display of IP address from response error messages in VPN Server's behavior as an HTTPS Web server.Resolved a problem that caused rare crashes due to insufficient multithread locking for a data structure called the IP address table inside the VPN Server's virtual HUB.A potential inconsistency existed in some places due to incomplete locking of CapsCacheLock in the multi-threaded exclusion control for the VPN Server's internal data structure called Caps.Resolved the problem that older versions of SoftEther VPN Client could not connect with RC4-MD5 when TLS 1.0 - 1.2 is enabled.The risk of exploitation of any of the fixed vulnerabilities is relatively low under normal usage and environment, and actual attacks are not easy to conduct, We recommend that you update your software as much as possible. of the United States, six vulnerabilities, including CVE-2023-27395, have been fixed. As a result of a high-level code review and technical cooperation by Cisco Systems, Inc.The revision history of each SoftEther VPN build is here.1
0 kommentar(er)
