Date: Mon, 6 Apr 2015 12:29:05 -0400 (EDT) From: cve-assign@...re.org To: irl@...e.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Request CVE for LinuxNode - DoS vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > So, the questions are: > > 1. Is the above reasonable, i.e., there was (at one time) ... irl@...e.org sent us a confirmation without a Cc to oss-security. The CVE mapping is: > a single > vulnerability affecting both node and URONode in which a client could > use "quit" within telnet, and thereby cause the server to waste > network bandwidth on a radio path Use CVE-2015-2927. The known affected version of node (aka LinuxNode) is 0.3.2 (for Debian, the "ax25-node" package name is associated with the "node" source-package name). Within the URONode changelog, the relevant entry is apparently "21/05/08 v1.0.5r3 ... I added a quit_handler routine in the main loop which now will execute a node_logout(), flush out the IPCs, log the event to syslog, and close out the application properly." > app fails to close and more can be spawned by a crafty malicious > user thus bringing the system to a point of no memory available. This does not have a CVE ID. The node software was not attempting to defend against a scenario in which a single client user causes arbitrarily many node processes to run on the server simultaneously. The node software runs as a service under inetd (or a similar program), and any related restrictions would ordinarily be part of the inetd configuration. Lack of restrictions is a site-specific problem. ("crafty malicious user" means, for example: if a client were allowed to have 100 simultaneous node processes, the malicious user could choose a request timing that ensured that 100 processes were always running.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVIrO0AAoJEKllVAevmvmsbXgIAJQdYhkCyxks3Js0ZhDkYkoJ 3ITLnWgGp92m/hcL92K/oRL3ZvZj2Ik7kwf/7YsllhQBgVjVwoPjr/c7MA40nbgo 1n/NFeFzrS3PM3ZivBk2wt9Gnc7mLG59P3Z9cR9oAGqhXqKOEodlRSaE1q8fHMFG qm5Sj9AgHqhc4MDCIo+y/R/pSL0Ayiqzr3J8U9B+R+ls6JsY0co45r9OTtCShl+i jazf4xFwNpkYo7VEx4zIIVd2DBUQm3XSqZT5kVdRp3pSf8MkM34E92POlptwKjNJ PiXKMazkLspMwLs9j1WywFuub+XdrFWCWxXl9b83LqoTWcMGU7k3OcUZUqRNrFc= =Jv34 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ