Bug 1504255 (CVE-2017-15096) - CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c
Summary: CVE-2017-15096 glusterfs: Null pointer dereference in send_brick_req function...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-15096
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1503394 1504256 1505212 1505370
Blocks: 1504257
TreeView+ depends on / blocked
 
Reported: 2017-10-19 19:41 UTC by Pedro Sampaio
Modified: 2019-09-29 14:24 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-27 08:10:58 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2017-10-19 19:41:12 UTC
A flaw was found in glusterfs. A null pointer dereference in in send_brick_req function in glusterfsd/src/gf_attach.c may cause local denial of service.  

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1502928

Comment 1 Pedro Sampaio 2017-10-19 19:41:57 UTC
Created glusterfs tracking bugs for this issue:

Affects: fedora-all [bug 1504256]

Comment 2 Siddharth Sharma 2017-10-26 16:11:05 UTC
Analysis

Only local DoS of glusterfsd is possible with this. Impact of this flaw is low.

Comment 3 Jeff Darcy 2017-10-27 05:51:54 UTC
It's not even a DoS of glusterfsd.  Worst case is that gf_attach runs out of memory, which would be a failure anyway, and then fails with a SIGSEGV in STACK_DESTROY (the other two functions check for NULL) instead of ENOMEM.  Not sure GlusterD (management daemon) would even notice the difference, and even if it did that would only affect adding or removing bricks.  Other management operations, and the entire I/O path, would be unaffected.  It's a bug, sure, but it's not clearly a *security* bug at all.

Comment 4 Siddharth Sharma 2017-10-27 08:09:06 UTC
(In reply to Jeff Darcy from comment #3)
> It's not even a DoS of glusterfsd.  Worst case is that gf_attach runs out of
> memory, which would be a failure anyway, and then fails with a SIGSEGV in
> STACK_DESTROY (the other two functions check for NULL) instead of ENOMEM. 
> Not sure GlusterD (management daemon) would even notice the difference, and
> even if it did that would only affect adding or removing bricks.  Other
> management operations, and the entire I/O path, would be unaffected.  It's a
> bug, sure, but it's not clearly a *security* bug at all.

Hi Jeff,

agreed that is why I set impact of this being low. It is at a border line between low to no security flaw.


Note You need to log in before you can comment on or make changes to this bug.