Bug 1620293 (CVE-2018-14622)
| Field | Value |
|---|---|
| Summary | CVE-2018-14622 libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED WONTFIX |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Reporter | Laura Pardo <lpardo> |
| Assignee | Red Hat Product Security <security-response-team> |
| QA Contact | |
| Docs Contact | |
| CC | abhgupta, ahardin, bleanhar, bmcclain, carnil, ccoleman, dbaker, dblechte, dedgar, dfediuck, dmoppert, eedri, eparis, jgoulding, jlayton, jokerman, kkeithle, mchappel, mgoldboi, michal.skrivanek, sbonazzo, sherold, sisharma, ssaha, steved, sthangav, trankin, vbellur |
| Keywords | Security |
| Fixed In Version | libtirpc 0.3.3-rc3 |
| Doc Type | If docs needed, set a value |
| Doc Text | A null-pointer dereference vulnerability was found in libtirpc. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2019-06-10 10:36:30 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1620294, 1620295 |
| Bug Blocks | 1620296 |

Description
Laura Pardo
2018-08-22 21:56:28 UTC
Created libtirpc tracking bugs for this issue:

Affects: fedora-all [bug 1620295]

This was fixed in RHEL 7 as part of bug 1410617.

Hi

I think there is a need for clarification for CVE-2018-14622 (and CVE-2018-14621).

CVE-2018-14622 refers to http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0 and additionally to the SuSE bug https://bugzilla.novell.com/show_bug.cgi?id=968175

But there is as well https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9265 referencing http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0 and https://bugzilla.suse.com/show_bug.cgi?id=968175

CVE-2018-14621 seems to refer to the "second issue" of that SuSE bug, which SuSE proposes to address with https://bugzilla.novell.com/attachment.cgi?id=666865 but the upstream commit finally addressing it seems to be http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b (as such this issue would only affect 0.3.3-rc3 onwards).

Does CVE-2018-14622 need to be rejected?

For the record, the 2015 CVE will be rejected in favour of the 2018 one.
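
The Doc Text for this bug describes a constructor result (makefd_xprt()) that was used without a NULL check once the descriptor limit was reached. The block below is an added example, not libtirpc code and not part of the original report: it models that pattern in C with the unchecked caller beside the checked one. `make_xprt`, `accept_unchecked`, `accept_checked`, `flood_checked`, the `MAX_XPRT` limit and port 111 are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_XPRT 4                      /* constructed stand-in for the fd limit */
struct xprt { int fd; int port; };
static struct xprt *table[MAX_XPRT];    /* live transports */
static int in_use;

/* Hypothetical stand-in for makefd_xprt(): returns NULL once the table is full. */
static struct xprt *make_xprt(int fd)
{
    struct xprt *x;
    if (in_use >= MAX_XPRT || (x = calloc(1, sizeof(*x))) == NULL)
        return NULL;
    x->fd = fd;
    table[in_use++] = x;
    return x;
}

/* Before: the result is used unchecked, so a NULL return crashes the server. */
int accept_unchecked(int fd, int port)
{
    struct xprt *x = make_xprt(fd);
    x->port = port;                     /* NULL dereference on failure */
    return 1;
}

/* After: a failed allocation refuses this one connection and nothing else. */
int accept_checked(int fd, int port)
{
    struct xprt *x = make_xprt(fd);
    if (x == NULL)
        return 0;                       /* caller closes fd and keeps serving */
    x->port = port;
    return 1;
}

/* Run n connection attempts through the checked path; return how many succeeded. */
int flood_checked(int n)
{
    int accepted = 0;
    for (int fd = 0; fd < n; fd++)
        accepted += accept_checked(fd, 111);
    return accepted;
}

int main(void)
{
    printf("accepted %d of 10 attempts\n", flood_checked(10));
    return 0;
}
```

With the check in place, attempts beyond the limit are refused and the process keeps running; the same audit applies to every call site of a constructor that can return NULL.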