Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Aug 2017 16:08:08 +0200
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: tcmu-runner: multiple vulnerabilities in
 tcmu-runner daemon allowing local DoS, information leak and a memory leak

Hello,

CVEs have been assigned now:

> ------------------------------------------------------------------------
> glfs handler allows local DoS via crafted CheckConfig strings
> ------------------------------------------------------------------------
[...]
>   https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157

CVE-2017-1000198

> ------------------------------------------------------------------------
> UnregisterHandler dbus method in tcmu-runner daemon for non-existing
> handler causes DoS
> ------------------------------------------------------------------------
[...]
> - upstream fix: https://github.com/open-iscsi/tcmu-runner/commit/e2d953050766ac538615a811c64b34358614edce

CVE-2017-1000201

> ------------------------------------------------------------------------
> UnregisterHandler D-Bus method in tcmu-runner daemon for internal
> handler causes DoS
> ------------------------------------------------------------------------
[...]
> - upstream fix: https://github.com/open-iscsi/tcmu-runner/commit/bb80e9c7a798f035768260ebdadffb6eb0786178

CVE-2017-1000200

> ------------------------------------------------------------------------
> Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus
> method for (Un)RegisterHandler
> ------------------------------------------------------------------------
[...]
> - upstream fix: https://github.com/open-iscsi/tcmu-runner/commit/7a78eda52d973d3edc06fea84ad874678d6055f0

CVE for this one is still pending

> ------------------------------------------------------------------------
> qcow handler opens up an information leak via the CheckConfig D-Bus
> method
> ------------------------------------------------------------------------
[...]
>   https://github.com/open-iscsi/tcmu-runner/commit/8cf8208775022301adaa59c240bb7f93742d1329

CVE-2017-1000190

also see my summary in comment at

https://github.com/open-iscsi/tcmu-runner/pull/200#issuecomment-323750247

Best regards

Matthias

-- 
Matthias Gerstner <matthias.gerstner@...e.de>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290

SUSE Linux GmbH 
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)
On Mon, Jul 24, 2017 at 12:12:04PM +0200, Matthias Gerstner wrote:

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ