Bug 1138145 (CVE-2014-3619) - CVE-2014-3619 glusterfs: fragment header infinite loop DoS
Summary: CVE-2014-3619 glusterfs: fragment header infinite loop DoS
Status: CLOSED ERRATA
Alias: CVE-2014-3619
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140912,repor...
Keywords: Security
Depends On: 1136712 1139098 1139110
Blocks: 1138149
TreeView+ depends on / blocked
 
Reported: 2014-09-04 07:16 UTC by Wade Mealing
Modified: 2019-06-08 20:10 UTC (History)
13 users (show)

(edit)
A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.
Clone Of:
(edit)
Last Closed: 2015-10-12 06:16:06 UTC


Attachments (Terms of Use)

Description Wade Mealing 2014-09-04 07:16:40 UTC
IssueDescription:

A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.

Comment 1 Wade Mealing 2014-09-04 07:34:59 UTC
Initial Report: https://bugzilla.redhat.com/show_bug.cgi?id=1136712

Comment 4 Garth Mollett 2014-09-10 07:43:41 UTC
Acknowledgements:

Red Hat would like to thank qinghao tang of Qihoo 360 Technology for reporting this issue.

Comment 6 Wade Mealing 2014-11-06 07:13:39 UTC
Statement:

Red Hat Storage 2.1 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat  Support Matrix:

https://access.redhat.com/support/policy/updates/rhs

Comment 7 Salvatore Bonaccorso 2015-02-28 14:35:48 UTC
Hi,

(In reply to Wade Mealing from comment #0)
> A denial of service flaw was found in the way the
> __socket_proto_state_machine() function of glusterfs processed certain
> fragment headers. A remote attacker could send a specially crafted fragment
> header that, when processed, would cause the glusterfs process to enter an
> infinite loop.

I'm interested in checking the status if glusterfs in Debian is affected as well. The original report seems to be restricted, is there information/patches/affected versions which you are can share about the issue?

Many thanks in advance for any pointer,

Regards,
Salvatore

Comment 8 Martin Prpič 2015-03-23 09:38:05 UTC
(In reply to Salvatore Bonaccorso from comment #7)
> Hi,
> 
> (In reply to Wade Mealing from comment #0)
> > A denial of service flaw was found in the way the
> > __socket_proto_state_machine() function of glusterfs processed certain
> > fragment headers. A remote attacker could send a specially crafted fragment
> > header that, when processed, would cause the glusterfs process to enter an
> > infinite loop.
> 
> I'm interested in checking the status if glusterfs in Debian is affected as
> well. The original report seems to be restricted, is there
> information/patches/affected versions which you are can share about the
> issue?
> 
> Many thanks in advance for any pointer,
> 
> Regards,
> Salvatore

Hi!

Upstream patch that, among other things, fixes this issue:

http://review.gluster.org/#/c/8662/4

The infinite loop could be triggered if a fragment header of '00000000' was sent, causing the code in __socket_proto_state_machine() to loop indefinitely.

Comment 9 Siddharth Sharma 2015-10-12 06:16:06 UTC
This issue has been addressed in the following products:

  Red Hat Storage 3.0
  Native Client for RHEL 5 for Red Hat Storage
  Native Client for RHEL 6 for Red Hat Storage

Via RHBA-2015:0038 https://rhn.redhat.com/errata/RHBA-2015-0038.html

Comment 10 Siddharth Sharma 2015-10-12 06:16:46 UTC
This issue has been addressed in the following products:

  Red Hat Common for RHEL 7

Via RHBA-2015:0040 https://rhn.redhat.com/errata/RHBA-2015-0040.html


Note You need to log in before you can comment on or make changes to this bug.