Bug 1073139 (CVE-2014-8165)

Summary: CVE-2014-8165 powerpc-utils-python: arbitrary code execution due to unpickling untrusted input
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bressers, dhorak, fkocina, fweimer, jcajka, karsten, mjwolf, ovasik, rvokal, secondary-arch-list, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-06 04:38:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1073144, 1190597    
Bug Blocks: 1042744, 1075728, 1323912    

Description Vincent Danen 2014-03-05 21:20:19 UTC 
The amsvis command in the powerpc-utils-python package implements a client-server protocol to exchange Active Memory Sharing information, based on the Python cPickle serialization library.  This could allow an attacker who can connect to amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.  This update changes the client-server protocol to use JSON instead.

Acknowledgements:

This issue was discovered by Dhiru Kholia of Red Hat Product Security.
Comment 3 Florian Weimer 2015-02-06 09:36:18 UTC 
Public via: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/
Comment 4 Florian Weimer 2015-02-09 09:15:55 UTC 
Created powerpc-utils-python tracking bugs for this issue:

Affects: fedora-all [bug 1190597]
Comment 5 Florian Weimer 2015-03-16 16:37:41 UTC 
Statement:

This issue affects the versions of powerpc-utils-python as shipped with Red Hat Enterprise Linux 7 for Power. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Comment 7 Florian Weimer 2015-03-16 16:53:30 UTC 
Upstream commit:

http://sourceforge.net/p/powerpc-utils/powerpc-utils-python/ci/f7bdc5c270a9e16b831089e2e932cab6027c38c8/
Comment 12 errata-xmlrpc 2016-11-03 21:28:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2607 https://rhn.redhat.com/errata/RHSA-2016-2607.html