Bug 1438885 (CVE-2017-2670)
| Summary: | CVE-2017-2670 undertow: IO thread DoS via unclean Websocket closing | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Bharti Kundal <bkundal> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amaris, apo, bbaranow, bdawidow, bmaxwell, cdewolf, chazlett, csutherl, dandread, darran.lofthouse, dosoudil, drieden, hghasemb, jawilson, jpallich, jshepherd, lgao, myarboro, pdrozd, pgier, psakar, pslavice, rnetuka, rsvoboda, security-response-team, sthorger, tanabe.yoshimasa, twalsh, vtunka |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | undertow-core 1.3.28.Final-redhat-4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-19 20:56:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1438765, 1520314 | ||
|
Description
Bharti Kundal
2017-04-04 16:12:56 UTC
*** Bug 1438764 has been marked as a duplicate of this bug. *** Acknowledgments: Name: Gregory Ramsperger, Ryan Moak This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0.6 Via RHSA-2017:1409 https://rhn.redhat.com/errata/RHSA-2017-1409.html This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1411 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1410 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:1412 Can you share more information about the issue and your proposed patch for it? There were no changes made to https://github.com/undertow-io/undertow/blob/1.4.12.Final/core/src/main/java/io/undertow/server/protocol/framed/AbstractFramedStreamSourceChannel.java#L288 in the past months hence I wonder how other users and distributions of undertow are supposed to address this bug. The same goes for CVE-2017-2666. I would appreciate it if you could share more details about the vulnerability and the fix. This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458 |