1487251 – (CVE-2017-1000200) CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS

Bug 1487251 (CVE-2017-1000200) - CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS

Summary: CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner d...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2017-1000200
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1487255 1494511 1494514
Blocks:	1487254
TreeView+	depends on / blocked

Reported:	2017-08-31 13:45 UTC by Andrej Nemec
Modified:	2021-10-21 11:56 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS.
Clone Of:
Environment:
Last Closed:	2021-10-21 11:56:07 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3277	0	normal	SHIPPED_LIVE	Moderate: tcmu-runner security update	2017-11-29 08:32:51 UTC

Description Andrej Nemec 2017-08-31 13:45:34 UTC

A local non-root user with access to the D-Bus system bus can call the
UnregisterHandler method implemented in the tcmu-runner daemon with the
name of a handler loaded internally in tcmu-runner via dlopen() and
cause a NULL pointer dereference resulting in DoS.

Upstream patch:

https://github.com/open-iscsi/tcmu-runner/commit/bb80e9c7a798f035768260ebdadffb6eb0786178

References:

http://seclists.org/oss-sec/2017/q3/207

Comment 1 Andrej Nemec 2017-08-31 13:50:00 UTC

Created tcmu-runner tracking bugs for this issue:

Affects: fedora-all [bug 1487255]

Comment 4 errata-xmlrpc 2017-11-29 03:33:41 UTC

This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.3 for RHEL 7

Via RHSA-2017:3277 https://access.redhat.com/errata/RHSA-2017:3277

Note You need to log in before you can comment on or make changes to this bug.