Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Sep 2016 20:53:42 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Re: cve request: docker swarmkit Dos occurs by
 repeatly joining and quitting swam cluster as a node

On Thu, Sep 1, 2016 at 8:48 PM, Diogo Monica <diogo.monica@...ker.com>
wrote:

> Can you please describe how this vulnerability makes a worker node be able
> to administer the swarm?
>

It allows a worker node to disable and effectively shut down the swarm, I
assume shutting down the swan is an administrative function, if not please
let me know where the documentation for workers covers this (allowing a
worker to shutdown the swarm). Thanks!


>
>
>
>
>
>
> On Thu, Sep 1, 2016 at 7:12 PM -0700, "Kurt Seifried" <
> kseifried@...hat.com> wrote:
>
>
>
>
>
>
>
>
>
>
> On Thu, Sep 1, 2016 at 5:17 PM, Diogo Mónica
> wrote:
>
> > A few weeks ago (Aug 4, 2016), a CVE (CVE-2016-6595) describing a DoS on
> > docker swarm got issued. We believe this not a real issue, and would like
> > to have the CVE rescinded.
> >
> > The person reporting this "vulnerability" is exhausting the resources of
> a
> > remote manager by doing hundreds of join/leave operations without
> removing
> > the state that is left by old nodes. At some point the manager obviously
> > stops being able to accept new nodes, since it runs out of memory.
> >
> > Given that both for Docker swarm and for Docker Swarmkit nodes are
> > *required* to provide a secret token (it's actually the only mode of
> > operation), this means that no adversary can simply join nodes and
> exhaust
> > manager resources.
> >
> > We can't do anything about a manager running out of memory and not being
> > able to add new legitimate nodes to the system. This is merely a resource
> > provisioning issue, and definitely not a CVE worthy vulnerability.
> >
>
> I checked the documentation and it looks like a worker node is only
> supposed to work and is not supposed to be able to administer the swarm. As
> such this is a trust boundary violation, and needs a CVE.
>
>
>
> > Thank you,
> > --
> > Diogo Mónica
> >
>
>
>
> --
>
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> Red Hat Product Security contact: secalert@...hat.com
>
>
>
>
>
>


-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ