Bug 1190294 (CVE-2012-6687) - CVE-2012-6687 fcgi: numerous connections cause segfault DoS
Summary: CVE-2012-6687 fcgi: numerous connections cause segfault DoS
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-6687
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1189958 1190212
Blocks: 1190295
Reported: 2015-02-06 22:19 UTC by Kurt Seifried
Modified: 2019-09-29 13:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-25 05:55:47 UTC


Links
System ID Priority Status Summary Last Updated
Debian BTS 933417 None None None Never
Launchpad 933417 None None None Never

Description Kurt Seifried 2015-02-06 22:19:48 UTC
FCGI does not perform range checks for file descriptors before use of the FD_SET macro.  This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state.

This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

External references:
https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591

Upstream patches:

At this time the fcgi mailing list is down; this seems to be the patch that is chosen:

https://launchpadlibrarian.net/93064712/poll.patch
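
The missing range check described above, as an added example that is not part of the bug report and is not the upstream poll.patch: a select()-based readiness wait that rejects descriptors outside the fd_set before calling FD_SET, next to a poll()-based wait that has no such ceiling. The function names `fd_fits_fd_set`, `wait_readable_select` and `wait_readable_poll` are hypothetical, and the pipe in `main` is constructed sample input.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: an fd_set only has room for descriptors 0..FD_SETSIZE-1. */
int fd_fits_fd_set(int fd) {
    return fd >= 0 && fd < FD_SETSIZE;
}

/* select()-based wait: 1 = readable, 0 = timeout, -1 = error (timeout_ms >= 0).
 * The range check runs before FD_SET; without it, a descriptor numbered
 * FD_SETSIZE or higher makes FD_SET write past the end of rfds. */
int wait_readable_select(int fd, int timeout_ms) {
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    if (!fd_fits_fd_set(fd)) {
        errno = EINVAL;   /* refuse instead of corrupting the stack */
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int r = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (r < 0) return -1;
    return r > 0 && FD_ISSET(fd, &rfds);
}

/* poll()-based wait with the same return convention; pollfd carries the
 * descriptor as an int, so there is no FD_SETSIZE ceiling. */
int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int r = poll(&p, 1, timeout_ms);
    if (r < 0) return -1;
    return r > 0 && (p.revents & (POLLIN | POLLHUP)) != 0;
}

int main(void) {
    int p[2];   /* constructed input: a local pipe stands in for a client socket */
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1) return 1;
    printf("select: %d  poll: %d  fd %d via select: %d\n",
           wait_readable_select(p[0], 0), wait_readable_poll(p[0], 0),
           FD_SETSIZE, wait_readable_select(FD_SETSIZE, 0));
    return 0;
}
```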

Comment 1 Ken Dreyer (Red Hat) 2015-02-06 22:31:22 UTC
link to CVE request: http://www.openwall.com/lists/oss-security/2015/02/06/4 (thanks Till for making the request)
