Bug 1905796 (CVE-2020-35510) - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
Summary: CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by s...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-35510
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1902747
TreeView+ depends on / blocked
 
Reported: 2020-12-09 05:33 UTC by Ted Jongseok Won
Modified: 2021-12-14 21:33 UTC (History)
70 users (show)

Fixed In Version: jboss-remoting 5.0.20.SP1-redhat-00001
Doc Type: ---
Doc Text:
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-03-16 19:19:19 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:0872 0 None None None 2021-03-16 13:43:42 UTC
Red Hat Product Errata RHSA-2021:0873 0 None None None 2021-03-16 13:35:38 UTC
Red Hat Product Errata RHSA-2021:0874 0 None None None 2021-03-16 13:39:51 UTC
Red Hat Product Errata RHSA-2021:0885 0 None None None 2021-03-16 13:19:31 UTC
Red Hat Product Errata RHSA-2021:0974 0 None None None 2021-03-23 14:18:21 UTC
Red Hat Product Errata RHSA-2021:5134 0 None None None 2021-12-14 21:33:18 UTC

Description Ted Jongseok Won 2020-12-09 05:33:23 UTC
A flaw was found in JBoss Remoting. When a malicious attacker could cause threads holding up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ack messages, or just tamper with jboss-remoting code, deleting the lines that send the ack message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Comment 3 Ted Jongseok Won 2020-12-22 01:43:49 UTC
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat Enterprise Application Platform 5
 * Red Hat JBoss Operations Network 3
 * Red Hat Data Grid 7
 * Red Hat JBoss BRMS 5
 * Red Hat JBoss Data Virtualization 6
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6
 * Red Hat JBoss SOA Platform 5

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 4 Jonathan Christison 2021-01-05 11:11:02 UTC
Marking Red Hat Fuse 7 as having a low impact, Fuse 7 distributes affected versions of JBoss Remoting via Fuse on EAP, however the functionality of these artifacts is not used by Fuse.

Comment 6 errata-xmlrpc 2021-03-16 13:19:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2021:0885 https://access.redhat.com/errata/RHSA-2021:0885

Comment 7 errata-xmlrpc 2021-03-16 13:35:29 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7

Via RHSA-2021:0873 https://access.redhat.com/errata/RHSA-2021:0873

Comment 8 errata-xmlrpc 2021-03-16 13:39:39 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8

Via RHSA-2021:0874 https://access.redhat.com/errata/RHSA-2021:0874

Comment 9 errata-xmlrpc 2021-03-16 13:43:37 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6

Via RHSA-2021:0872 https://access.redhat.com/errata/RHSA-2021:0872

Comment 10 Product Security DevOps Team 2021-03-16 19:19:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-35510

Comment 11 errata-xmlrpc 2021-03-23 14:17:51 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.4.6

Via RHSA-2021:0974 https://access.redhat.com/errata/RHSA-2021:0974

Comment 12 errata-xmlrpc 2021-06-02 14:23:39 UTC
This issue has been addressed in the following products:

  Red Hat EAP-XP via EAP 7.3.x base

Via RHSA-2021:2210 https://access.redhat.com/errata/RHSA-2021:2210

Comment 13 errata-xmlrpc 2021-12-14 21:33:15 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.10

Via RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134


Note You need to log in before you can comment on or make changes to this bug.