Bug 1508837 (CVE-2017-2891, CVE-2017-2892, CVE-2017-2893, CVE-2017-2894, CVE-2017-2895, CVE-2017-2909, CVE-2017-2921, CVE-2017-2922)

Summary: CVE-2017-2892 CVE-2017-2891 CVE-2017-2909 CVE-2017-2922 CVE-2017-2921 CVE-2017-2895 CVE-2017-2894 CVE-2017-2893 mongoose: Multiple vulnerabilities fixed in version 6.8
Product: [Other] Security Response
Component: vulnerability
Reporter: Andrej Nemec <anemec>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: unspecified
CC: aquini, ffotorel
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: mongoose 6.8
Last Closed: 2019-06-08 03:30:13 UTC
Bug Depends On: 1491143, 1491144

Description Andrej Nemec 2017-11-02 10:40:20 UTC
CVE-2017-2892

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399

CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of a previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398

CVE-2017-2909

An infinite loop programming error exists in the DNS server functionality of the Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and denial of service. An attacker can send a packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416

CVE-2017-2922

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow leading to a heap buffer overflow resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0428

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0401

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400

Comment 1 Andrej Nemec 2017-11-02 10:40:55 UTC
Created mongoose tracking bugs for this issue:

Affects: epel-6 [bug 1491143]
Affects: fedora-all [bug 1491144]

Comment 2 Product Security DevOps Team 2019-06-08 03:30:13 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.