Bug 1377280 (CVE-2016-5017)

Summary: CVE-2016-5017 zookeeper: Buffer overflow vulnerability in C cli shell
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: abhgupta, aileenc, alazarot, aszczucz, chazlett, ctubbsii, dmcphers, ethan, etirelli, felias, gvarsami, java-sig-commits, jcoleman, jialiu, jokerman, jolee, kconner, kseifried, kverlaen, ldimaggi, lmeyer, lpetrovi, mbaluch, mmccomas, mwinkler, nwallace, pavelp, rrajasek, rwagner, rzhang, soa-p-jira, s, tcunning, tiwillia, tkirby, tstclair, vhalbert
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: zookeeper 3.4.9
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-23 13:37:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1377281
Bug Blocks:

Description Andrej Nemec 2016-09-19 11:27:39 UTC
The ZooKeeper C client shells "cli_st" and "cli_mt" have a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:<cmd>" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur. There is no known compromise which takes advantage of this vulnerability, and if security is enabled the attacker would be limited by client level security constraints. The C cli shell is intended as a sample/example of how to use the C client interface, not as a production tool - the documentation has also been clarified on this point.

References:

http://seclists.org/bugtraq/2016/Sep/29

Upstream fix:

https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
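
Added example (not part of the original report, and not ZooKeeper's code or the upstream patch): one way to handle a "cmd:<cmd>" batch argument so that an over-long command is rejected before it is copied into a fixed buffer. The helper name `parse_batch_cmd`, the constants and the return codes are hypothetical; the 1024-byte buffer size is assumed from the limit given in the description.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 1024      /* assumed from the limit in the description */
#define BATCH_PREFIX "cmd:"    /* batch mode syntax named in the description */

/* Hypothetical helper: copy the command part of a "cmd:<cmd>" argument to out.
 * Returns 0 on success, -1 if arg is not batch syntax, -2 if the command plus
 * its terminating NUL does not fit in out_size bytes (nothing is copied). */
int parse_batch_cmd(const char *arg, char *out, size_t out_size)
{
    size_t prefix_len = strlen(BATCH_PREFIX);
    size_t cmd_len;

    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    if (strncmp(arg, BATCH_PREFIX, prefix_len) != 0)
        return -1;

    /* Measure first: an unbounded copy into a fixed array is the bug class. */
    cmd_len = strlen(arg + prefix_len);
    if (cmd_len >= out_size) {
        out[0] = '\0';         /* reject rather than silently truncate */
        return -2;
    }
    memcpy(out, arg + prefix_len, cmd_len + 1);   /* +1 copies the NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char cmd[CMD_BUF_SIZE];
    int rc = (argc < 2) ? -1 : parse_batch_cmd(argv[1], cmd, sizeof(cmd));

    if (rc == -2) {
        fprintf(stderr, "command exceeds %zu characters\n", sizeof(cmd) - 1);
        return 2;
    }
    if (rc != 0) {
        fprintf(stderr, "usage: prog cmd:<cmd>\n");
        return 2;
    }
    printf("batch command: %s\n", cmd);
    return 0;
}
```
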

Comment 1 Andrej Nemec 2016-09-19 11:28:23 UTC
Created zookeeper tracking bugs for this issue:

Affects: fedora-all [bug 1377281]