Bug 133240 - net-p2p/gnunet: DoS by UDP socket unreachable
Summary: net-p2p/gnunet: DoS by UDP socket unreachable
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://archives.neohapsis.com/archive...
Whiteboard: B3 [noglsa] Falco
Keywords:
Depends on: 133570
Blocks:
Reported: 2006-05-13 14:48 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-05-24 03:49 UTC
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-13 14:48:14 UTC
A bug, possibly leading to a DoS, has been found in gnunet by Luigi Auriemma.
Versions <0.7.0d are affected and possibly our 0.6.2b.

The fix is in SVN rev 2781.

#######################################################################

======
2) Bug
======


The asynchronous mode used for the UDP socket is handled through
FIONREAD.
If an empty UDP packet (zero bytes) is received, the program enters an
endless loop in which other UDP packets cannot be handled and CPU usage
reaches 100%.

More info about this specific bug is available here:

  http://aluigi.org/adv/socket_unreachable_info.txt


#######################################################################
(...)
======
4) Fix
======


SVN revision 2781.
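The mechanism the advisory describes (and the FIONREAD code fragment discussed in comment #17) is easy to reproduce in isolation. The following program is an added example written for this page; it is not GNUnet code and not the rev. 2781 fix. It creates a datagram socket pair (UDP over loopback, falling back to an AF_UNIX datagram socketpair if loopback is unavailable), queues a constructed zero-byte datagram, and runs two receive loops over it: one that trusts FIONREAD and skips the read when it reports 0 bytes pending, and a hardened variant that always calls recv() once select() reports the socket readable. The hardened variant is one possible mitigation and is an assumption here, not the project's actual change. The function names and the 1000-turn cap are my own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a connected datagram pair: fds[0] sends, fds[1] receives.
 * UDP over 127.0.0.1 on an ephemeral port is tried first, since UDP is the
 * transport the advisory concerns; an AF_UNIX datagram socketpair is the
 * fallback so the demo still runs without loopback networking. On Linux
 * FIONREAD and select() behave the same way for both kinds of socket. */
static int make_dgram_pair(int fds[2]) {
    struct sockaddr_in addr;
    socklen_t alen = sizeof(addr);
    int snd = socket(AF_INET, SOCK_DGRAM, 0);
    int rcv = socket(AF_INET, SOCK_DGRAM, 0);

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                         /* kernel picks a free port */
    if (snd >= 0 && rcv >= 0 &&
        bind(rcv, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        getsockname(rcv, (struct sockaddr *)&addr, &alen) == 0 &&
        connect(snd, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
        fds[0] = snd;
        fds[1] = rcv;
        return 0;
    }
    if (snd >= 0) close(snd);
    if (rcv >= 0) close(rcv);
    return socketpair(AF_UNIX, SOCK_DGRAM, 0, fds);
}

/* Return 1 if fd becomes readable within timeout_ms, else 0. */
static int readable_within(int fd, int timeout_ms) {
    fd_set rs;
    struct timeval tv;
    FD_ZERO(&rs);
    FD_SET(fd, &rs);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    return select(fd + 1, &rs, NULL, NULL, &tv) > 0;
}

/* The pattern the advisory describes: select() says readable, FIONREAD is
 * asked how many bytes are pending, and the read is skipped when the answer
 * is 0. An empty datagram is therefore never dequeued, select() keeps firing,
 * FIONREAD keeps answering 0, and the loop spins. The max_turns cap exists
 * only so this demo terminates. Returns the datagrams actually consumed. */
static int vulnerable_drain(int fd, int max_turns) {
    char buf[65536];
    int consumed = 0, turns = 0;
    while (turns < max_turns && readable_within(fd, 0)) {
        int pending = 0;
        turns++;
        if (ioctl(fd, FIONREAD, &pending) < 0)
            break;
        if (pending <= 0)
            continue;                          /* BUG: empty datagram stays queued */
        if (recv(fd, buf, sizeof buf, MSG_DONTWAIT) >= 0)
            consumed++;
    }
    return consumed;
}

/* Hardened variant (an assumption, not GNUnet's rev. 2781 change): once
 * select() reports readable, always recv() so the datagram is dequeued.
 * On a datagram socket recv() returning 0 means "empty datagram", not EOF. */
static int hardened_drain(int fd, int max_turns) {
    char buf[65536];
    int consumed = 0, turns = 0;
    while (turns < max_turns && readable_within(fd, 0)) {
        turns++;
        if (recv(fd, buf, sizeof buf, MSG_DONTWAIT) < 0)
            break;
        consumed++;                            /* counts the empty datagram too */
    }
    return consumed;
}

/* Queue one constructed empty datagram and run both loops over it.
 * Out: FIONREAD's answer for the empty datagram, datagrams consumed by the
 * vulnerable loop in 1000 turns, datagrams consumed by the hardened loop.
 * Returns 1 if the socket is quiet afterwards, 0 if not, -1 on setup error. */
int demo_zero_byte_datagram(int *fionread_empty, int *vuln_consumed,
                            int *hard_consumed) {
    int fds[2], quiet;
    if (make_dgram_pair(fds) < 0)
        return -1;
    if (send(fds[0], "", 0, 0) < 0 || !readable_within(fds[1], 2000) ||
        ioctl(fds[1], FIONREAD, fionread_empty) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    *vuln_consumed = vulnerable_drain(fds[1], 1000);
    *hard_consumed = hardened_drain(fds[1], 1000);
    quiet = !readable_within(fds[1], 0);
    close(fds[0]);
    close(fds[1]);
    return quiet;
}

int main(void) {
    int fr = -1, v = -1, h = -1;
    int rc = demo_zero_byte_datagram(&fr, &v, &h);
    printf("rc=%d FIONREAD(empty)=%d vulnerable consumed=%d hardened consumed=%d\n",
           rc, fr, v, h);
    return rc == 1 ? 0 : 1;
}
```

Run as-is, the vulnerable loop burns all 1000 turns without consuming anything while the hardened loop consumes the empty datagram in one turn and leaves the socket quiet. A detection angle for a daemon with this defect is exactly what the advisory states: a process pinned at 100% CPU while its UDP port stops answering.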
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-13 14:50:15 UTC
Dear net-p2p team, please verify if we are affected, and in such case, provide a new ebuild, if possible.
Comment 2 Jon Hood (RETIRED) gentoo-dev 2006-05-13 21:47:03 UTC
Confirmed, we are vulnerable. Only x86 will need to mark 0.7.0d stable. It should be in portage in a few minutes.
Comment 3 Jon Hood (RETIRED) gentoo-dev 2006-05-13 21:47:29 UTC
Forgot to mention, you'll also need to mark the latest libextractor stable, too.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-14 05:08:17 UTC
x86 please test and mark stable, thanks
Comment 5 Matthias Langer 2006-05-14 10:06:55 UTC
I wanted to do some testing with gnunet-0.7.0d [ +gtk +guile +ipv6 -mysql +nls +sqlite ] using libextractor-0.5.13  [ +gtk +nls -static +vorbis +zlib ]. However, the gnunet init script seems to have some problems:

# /etc/init.d/gnunet start
* Starting GNUnet ...

# /etc/init.d/gnunet stop
* Stopping GNUnet ...
gnunetd: no process killed
* Failed to stop GNUnet

# ps -A | grep gnu
#

# /etc/init.d/gnunet start
* WARNING:  "gnunet" has already been started.

# ps -A | grep gnu
#

Portage 2.0.54-r2 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.16-gentoo-r6 i686)
=================================================================
System uname: 2.6.16-gentoo-r6 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
dev-python/pycrypto: [Not Present]
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict test"
GENTOO_MIRRORS="http://gentoo.ynet.sk/pub "
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LINGUAS="en de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://192.168.0.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac aalib acpi alsa apm audiofile avi berkdb bitmap-fonts bonobo bzip2 cairo cdr cli crypt css cups curl dbus dri dts dvd dvdr dvdread eds emboss encode exif expat fam fbcon ffmpeg firefox flac foomaticdb fortran gd gdbm gif ginac glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal icq idn imagemagick imlib ipv6 isdnlog java javascript jpeg jpeg2k junit lcms libg++ libwww mad matroska mikmod mime mmx mmxext mng motif mozsvg mp3 mpeg msn nautilus ncurses nls nptl nsplugin nvidia offensive ogg oggvorbis openal opengl pam pcre pdflib perl plotutils png posix pppd python quicktime readline real reflection ruby sdl session slang sockets speex spell spl sqlite sqlite3 sse ssl subtitles svg svga tcltk tcpd tetex theora tiff truetype truetype-fonts type1-fonts udev unicode usb vcd vorbis win32codecs wma xine xml xml2 xmms xorg xv xvid zlib video_cards_nvidia linguas_en linguas_de userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS
Comment 6 Matthias Langer 2006-05-14 10:32:56 UTC
Btw, it's the same with 'ps ax' instead of 'ps -A'.
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-14 11:47:08 UTC
mhh, back into ebuild status: please fix this, thanks
Comment 8 Jon Hood (RETIRED) gentoo-dev 2006-05-14 21:08:28 UTC
-r1 committed with a fixed init script (this time, pointing to /etc/gnunetd.conf as it is supposed to). Please note that the init script was added "optionally" since the induction of this package into portage. Please read the postinst() information to use it correctly. I don't actually use this package often, so anyone who sees a better way to control gnunet's features, please feel free to take it. Also note that the package only comes with a man page for gnunetd.conf, and strongly recommends you generate one yourself with the process outlined below. That having been said, I would create a standard gnunetd.conf file to distribute with this package if Gentoo protocol requires me to.

$ sudo ebuild gnunet-0.7.0d-r1.ebuild postinst
 * ipv6 support is -very- experimental and prone to bugs
 *
 * To configure
 *   1) Add user(s) to the gnunet group
 *   2) Run 'gnunet-setup' to generate your client config file
 *   3) Run gnunet-setup -d to generate a server config file
 *   4) Optionally copy the .gnunet/gnunetd.conf into /etc and
 *      use as a global server config file:
 * $ gnunet-setup -d
 * # cp ~/.gnunet/gnunetd.conf /etc/
 *
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-14 22:39:35 UTC
Apparently only x86 needs to mark stable.
Comment 10 Matthias Langer 2006-05-16 06:46:43 UTC
Is gnunet-setup supposed to work out of the box for a non-root user in the gnunet group? Because I get:

$ gnunet-setup
May 16 15:42:57 Configuration file must specify a directory for GNUnet to store per-peer data under GNUNET\GNUNET_HOME.
Aborted

"$ gnunet-setup -d" and "# gnunet-setup" work ...
Comment 11 Jon Hood (RETIRED) gentoo-dev 2006-05-18 08:49:18 UTC
Don't mark stable yet, as it depends on a vulnerable version of libextractor. Wait until 133570 is resolved and mark that one stable to fix this bug.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-19 06:48:50 UTC
x86, the fixed libextractor dep is now stable, please stable gnunet now, too
Comment 13 Mark Loeser (RETIRED) gentoo-dev 2006-05-20 21:20:09 UTC
x86 done
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-21 05:10:12 UTC
Calling vote


I would tend to vote yes...
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-21 07:09:46 UTC
another yes
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2006-05-21 10:09:51 UTC
Yes too
Comment 17 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-21 11:22:03 UTC
Hi guys,

while auditing this bug in order to draft the GLSA, I had clues that our previous stable version - 0.6.2b - wasn't vulnerable.

In the vulnerable SVN revision 2780, transports/udp.c does contain:

#ifdef MINGW
    error = ioctlsocket(udp_sock,
#else
    error = ioctl(udp_sock,
#endif
                  FIONREAD,
                  &pending);

SVN rev.2781 adds a check on the packet size in udp.c (and udp6.c) .

Our 0.6.2b ebuild does NOT contain this piece of code in udp.c nor udp6.c. It does not contain any string "FIONREAD".
The only string "FIONREAD" is located in isSocketValid (util/io.c), only called by tcp.c, tcp6.c and http.c, but not called by udp(6).c


However, gnunet-0.7.0d was affected. So the bug is pertinent. But as for me, it does not merit a GLSA anymore, since this 0.6.2b was the last stable ebuild at this moment, and there has never been any vulnerable version in the stable tree.

Sec team/ audit team, please confirm while 0.6.2b is still in the tree.
Comment 18 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-23 07:26:34 UTC
Someone here? Advice about comment #17?
Comment 19 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-24 03:49:39 UTC
Confirmed on IRC;

then closing with no glsa.