Bug 706250 (CVE-2011-0872)
Summary: | CVE-2011-0872 OpenJDK: non-blocking sockets incorrectly selected for reading (NIO, 6213702) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ahughes, aph, dbhole, gregw, jvanek, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-06-03 13:58:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 8
Tomas Hoger
2011-06-07 11:44:56 UTC
Public now via Oracle CPU June 2011: http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html Also fixed in IcedTea6 versions 1.8.8, 1.9.8 and 1.10.2: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014607.html Patch: http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6213702.patch We have a problem with the Jetty server hanging which looks to be a result of this "fix". The symptom is that the server accepts new connections, but never processes any input on them. On inspection, we can see that the call to the NIO selector is blocked in the discardUrgentData method. We are not yet sure what causes the problem to occur, but suspect it is bad data on one connection. If so, then this fix is allowing a DoS attack because 1 bad connection can lock an entire selector. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=357318 Greg, we did not actually do much about this issue on our side given that this problem / fix was Windows-specific. If I correctly read the info in your Jetty bug, the issue is only reproducible on Windows platform, so may indeed be related to this fix. This should be reported to Oracle. As was done already: https://bugs.eclipse.org/bugs/show_bug.cgi?id=357318#c47 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7130796 If you want to make sure this appears on the Oracle security team radar, you may drop them a mail. You can find contact information on their Reporting Security Vulnerabilities page: http://www.oracle.com/us/support/assurance/reporting/index.html |