Bug 1025127 - (CVE-2013-4484) CVE-2013-4484 varnish: denial of service handling certain GET requests
CVE-2013-4484 varnish: denial of service handling certain GET requests
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20131030,repor...
: Security
Depends On: 1025128 1025129
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-31 00:55 EDT by Murray McAllister
Modified: 2015-07-31 03:11 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-26 08:52:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Murray McAllister 2013-10-31 00:55:40 EDT
Varnish Cache a high-performance HTTP accelerator. A denial of service flaw was found in the way Varnish Cache handled certain GET requests when using certain configurations. A remote attacker could use this flaw to crash a worker process.

References:

https://www.varnish-cache.org/trac/ticket/1367
https://www.varnish-cache.org/trac/changeset/4bd5b7991bf602a6c46dd0d65fc04d4b8d9667a6
https://www.varnish-cache.org/trac/changeset/9c9a9904bdb56b62017f338baf9c8e906b88dcac
Comment 1 Murray McAllister 2013-10-31 00:57:22 EDT
Created varnish tracking bugs for this issue:

Affects: fedora-all [bug 1025128]
Affects: epel-all [bug 1025129]
Comment 2 Murray McAllister 2013-10-31 00:59:05 EDT
I was not familiar enough with varnish to reproduce this issue, but the Fedora and EPEL packages are missing the commit from comment #0
Comment 3 Ingvar Hagelund 2013-11-05 06:59:41 EST
For Fedora, I'll just wait for 3.0.5, I think. f18 and f19 have 3.0.3. 3.0.4 is commited (but not built) to rawhide.

I have produced a backport to varnish-2.0.6 (epel 5) of this, available here: 

http://users.linpro.no/ingvar/varnish/varnish.fix_CVE-2013-4484.patch.txt

I'll try to get upstream to validate it.

If it goes through, I'll do one for epel 6 too.

Ingvar
Comment 4 Ingvar Hagelund 2014-11-26 08:52:00 EST
For some reason, this bug is still open.

This was fixed in
varnish-2.0.6-4.el5
varnish-2.1.5-5.el6
varnish-3.0.5-1.fc18
varnish-3.0.5-1.fc19

As all depency bugs were closed long time ago, I close this one as well.

Ingvar

Note You need to log in before you can comment on or make changes to this bug.