Bug 1927909 (CVE-2019-11360)

Summary: CVE-2019-11360 iptables: buffer overflow in iptables-restore
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: bmontgom, egarver, eparis, iptables-maint-list, jburrell, jokerman, kaycoth, kevin, kyoshida, nstielau, psutter, snemec, sponnaga, todoleza
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: iptables 1.8.3
Doc Text:
A buffer overflow flaw was found in iptables-restore. This flaw allows a local attacker with sufficiently high privileges, such as root, to provide a specially crafted file, causing a program crash or potential code execution. The highest threat from this vulnerability is to system availability.
Last Closed: 2021-02-24 13:01:55 UTC
Bug Blocks: 1927910

Description Dhananjay Arunesh 2021-02-11 19:52:26 UTC
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an
attacker to (at least) crash the program or potentially gain code execution via
a specially crafted iptables-save file. This is related to add_param_to_argv in
xshared.c.

References:
https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e
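
The description above concerns a parser that copies parameters from a rules file into a fixed-size buffer. The following is an added example, not code from iptables or from this bug report: a simplified line tokenizer that performs the length check before every write. The names `split_rule_line`, `argv_store`, `PARAM_MAX` and `ARGV_MAX`, and the sizes used, are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 64   /* assumed demo size, not the value iptables uses */
#define ARGV_MAX  16   /* assumed demo limit on parameters per line */

struct argv_store { int argc; char argv[ARGV_MAX][PARAM_MAX]; };

/* Split one rules-file line into parameters, honouring double quotes.
 * Returns 0 on success, -1 if a parameter does not fit in PARAM_MAX
 * (NUL included) or there are too many, -2 on an unterminated quote. */
int split_rule_line(const char *line, struct argv_store *out)
{
    char buf[PARAM_MAX];
    size_t len = 0;
    int quoted = 0;

    out->argc = 0;
    for (const char *p = line; ; p++) {
        char c = *p;
        int end = (c == '\0' || c == '\n');
        if (!end && c == '"') { quoted = !quoted; continue; }
        if (end || (!quoted && (c == ' ' || c == '\t'))) {
            if (len > 0) {              /* flush the finished parameter */
                if (out->argc >= ARGV_MAX) return -1;
                memcpy(out->argv[out->argc], buf, len);
                out->argv[out->argc][len] = '\0';
                out->argc++;
                len = 0;
            }
            if (end) return quoted ? -2 : 0;
            continue;
        }
        /* Bounds check before the write: reject instead of overflowing buf. */
        if (len >= PARAM_MAX - 1) return -1;
        buf[len++] = c;
    }
}

int main(void)
{
    struct argv_store s;
    /* Constructed sample line in iptables-save style. */
    int rc = split_rule_line("-A INPUT -p tcp --dport 22 -j ACCEPT\n", &s);
    printf("rc=%d argc=%d\n", rc, s.argc);
    return rc == 0 ? 0 : 1;
}
```

A caller should treat any non-zero return as a reason to reject the whole file rather than apply a partial ruleset.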

Comment 2 Mark Cooper 2021-02-12 02:47:27 UTC
External References:

https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/

Comment 3 Mark Cooper 2021-02-12 02:49:42 UTC
OCP 3.11 containers got its iptables version from RHEL.

OCP 4.x does package a version of iptables, but it is v1.8.4 and is not vulnerable.

Comment 10 Mauro Matteo Cascella 2021-02-24 11:38:33 UTC
Statement:

This flaw has been rated as having a security impact of Low, because it requires unlikely circumstances to be able to be exploited. Red Hat Enterprise Linux 8 is not affected by this flaw, as the shipped versions of `iptables` already include the patch. Although Red Hat Enterprise Linux 6 and 7 are affected, successful exploitation is prevented by Stack Smashing Protection (SSP), reducing the impact to a denial of service.

Note that this flaw is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is in the Extended Life Phase of the support and maintenance life cycle; Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 11 Product Security DevOps Team 2021-02-24 13:01:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11360