|Summary:||CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c|
|Product:||[Other] Security Response||Reporter:||Pedro Sampaio <psampaio>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED WONTFIX||QA Contact:|
|Version:||unspecified||CC:||anoopcs, atumball, bmcclain, dblechte, eedri, humble.devassy, jeff, jonathansteffan, kkeithle, mgoldboi, michal.skrivanek, ndevos, ramkrsna, rhs-bugs, sankarshan, sherold, sisharma, smohan, ssaha, vbellur, ykaul, ylavi|
|Fixed In Version:||Doc Type:||If docs needed, set a value|
|Doc Text:||Story Points:||---|
|Last Closed:||2017-10-27 08:10:58 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1503394, 1504256, 1505212, 1505370|
Description Pedro Sampaio 2017-10-19 19:41:12 UTC
A flaw was found in glusterfs. A null pointer dereference in in send_brick_req function in glusterfsd/src/gf_attach.c may cause local denial of service. References: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
Comment 1 Pedro Sampaio 2017-10-19 19:41:57 UTC
Created glusterfs tracking bugs for this issue: Affects: fedora-all [bug 1504256]
Comment 2 Siddharth Sharma 2017-10-26 16:11:05 UTC
Analysis Only local DoS of glusterfsd is possible with this. Impact of this flaw is low.
Comment 3 Jeff Darcy 2017-10-27 05:51:54 UTC
It's not even a DoS of glusterfsd. Worst case is that gf_attach runs out of memory, which would be a failure anyway, and then fails with a SIGSEGV in STACK_DESTROY (the other two functions check for NULL) instead of ENOMEM. Not sure GlusterD (management daemon) would even notice the difference, and even if it did that would only affect adding or removing bricks. Other management operations, and the entire I/O path, would be unaffected. It's a bug, sure, but it's not clearly a *security* bug at all.
Comment 4 Siddharth Sharma 2017-10-27 08:09:06 UTC
(In reply to Jeff Darcy from comment #3) > It's not even a DoS of glusterfsd. Worst case is that gf_attach runs out of > memory, which would be a failure anyway, and then fails with a SIGSEGV in > STACK_DESTROY (the other two functions check for NULL) instead of ENOMEM. > Not sure GlusterD (management daemon) would even notice the difference, and > even if it did that would only affect adding or removing bricks. Other > management operations, and the entire I/O path, would be unaffected. It's a > bug, sure, but it's not clearly a *security* bug at all. Hi Jeff, agreed that is why I set impact of this being low. It is at a border line between low to no security flaw.