Bug 861234 - (CVE-2012-4458) CVE-2012-4458 qpid-cpp: long arrays of zero-width types cause a denial of service
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20130305,repor...
Keywords: Security
Depends On: 824493 845364 918804
Blocks: 849724 851360
Reported: 2012-09-27 17:35 EDT by Vincent Danen
Modified: 2014-01-11 13:52 EST

Fixed In Version: qpid-cpp 0.21
Doc Type: Bug Fix
Last Closed: 2013-03-06 17:23:45 EST
Description Vincent Danen 2012-09-27 17:35:50 EDT
It was discovered that the AMQP type decoder was exposed pre-authentication because it was possible to send arbitrary types in the client-properties map in a connection.start-ok message.  This is used to send an array with elements which are all of width zero and thus consume no space on the wire, but need storage after decoding by the server.  On some systems, a suitably chosen SIZE value triggers the OOM killer and terminates the server process permanently.


Acknowledgements:

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
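
The failure mode in the description, where a declared element count costs nothing on the wire but still needs storage after decoding, can be rejected before any allocation happens. The C++ sketch below is an added example, not qpid-cpp code and not the upstream fix; the array layout, the width table, `checkArrayHeader` and `kMaxZeroWidthElements` are assumptions of a simplified model.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Assumed simplified layout of an array body (not copied from qpid-cpp):
//   1 byte element type code | 4 byte big-endian count | count * width bytes
enum class Check { Ok, Truncated, CountExceedsData, TooManyZeroWidth, Unsupported };

// Hypothetical policy cap for elements that occupy no bytes on the wire.
constexpr uint32_t kMaxZeroWidthElements = 1024;

// Wire width of a fixed-width element, -1 for classes this sketch skips.
// Assumption: the high nibble selects the width class, 0xF0-0xFF being zero-width.
int fixedWidth(uint8_t code) {
    unsigned cls = code >> 4;
    if (cls <= 0x7) return 1 << cls;   // 1, 2, 4, ... 128 bytes
    if (cls == 0xC) return 5;
    if (cls == 0xD) return 9;
    if (cls == 0xF) return 0;          // zero-width: no bytes on the wire
    return -1;                         // variable-width or reserved
}

// Validate the header against the bytes actually received, before any
// per-element storage is reserved. On Ok, count holds the element count.
Check checkArrayHeader(const std::vector<uint8_t>& body, uint32_t& count) {
    if (body.size() < 5) return Check::Truncated;
    int width = fixedWidth(body[0]);
    if (width < 0) return Check::Unsupported;
    count = (uint32_t(body[1]) << 24) | (uint32_t(body[2]) << 16) |
            (uint32_t(body[3]) << 8) | uint32_t(body[4]);
    size_t remaining = body.size() - 5;
    if (width == 0) {
        // The remaining byte count gives no bound here, so apply an explicit cap.
        return count <= kMaxZeroWidthElements ? Check::Ok : Check::TooManyZeroWidth;
    }
    // Division avoids overflow in count * width.
    if (count > remaining / size_t(width)) return Check::CountExceedsData;
    return Check::Ok;
}

int main() {
    // Constructed sample: zero-width type code 0xF0 with a large declared count.
    std::vector<uint8_t> sample = {0xF0, 0x10, 0x00, 0x00, 0x00};
    uint32_t n = 0;
    std::cout << (checkArrayHeader(sample, n) == Check::TooManyZeroWidth
                      ? "rejected\n" : "accepted\n");
}
```

For non-zero widths the received byte count already bounds the allocation; the explicit cap matters only for the zero-width class, where the wire size says nothing about the storage needed.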
Comment 1 Vincent Danen 2013-03-06 11:58:57 EST
This is corrected upstream:

https://svn.apache.org/viewvc?view=revision&revision=1453031


External References:

https://issues.apache.org/jira/browse/QPID-4629
Comment 2 errata-xmlrpc 2013-03-06 13:50:52 EST
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:0562 https://rhn.redhat.com/errata/RHSA-2013-0562.html
Comment 3 errata-xmlrpc 2013-03-06 13:52:04 EST
This issue has been addressed in the following products:

  MRG for RHEL-5 v. 2

Via RHSA-2013:0561 https://rhn.redhat.com/errata/RHSA-2013-0561.html
Comment 4 Vincent Danen 2013-03-06 17:13:35 EST
Created qpid-cpp tracking bugs for this issue

Affects: fedora-all [bug 918804]
