Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 635172 (CVE-2017-15096) - <sys-cluster/glusterfs-3.12.3: Null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c
Summary: <sys-cluster/glusterfs-3.12.3: Null pointer dereference in send_brick_req fun...
Status: RESOLVED FIXED
Alias: CVE-2017-15096
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-23 13:03 UTC by Agostino Sarubbo
Modified: 2017-12-04 20:24 UTC (History)
2 users (show)

See Also:
Package list:
=sys-cluster/glusterfs-3.12.3 amd64 ppc ppc64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-10-23 13:03:36 UTC
From ${URL} :

A flaw was found in glusterfs. A null pointer dereference in in send_brick_req function in glusterfsd/src/gf_attach.c may cause denial of service.  

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1502928


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 James Le Cuirot gentoo-dev 2017-11-21 20:49:37 UTC
I gather 3.10 and earlier were affected. I bumped to 3.12.3 and cleared all the older unstable versions anyway since they had other issues. Arch teams, please do your thing.
Comment 2 Agostino Sarubbo gentoo-dev 2017-11-24 13:24:17 UTC
amd64 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-26 20:08:02 UTC
ppc/ppc64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-27 00:20:54 UTC
x86 stable

@ Maintainer(s): Please cleanup and drop <sys-cluster/glusterfs-3.12.3!
Comment 5 Larry the Git Cow gentoo-dev 2017-11-28 10:08:37 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd3ee9c37a203fefe6c6de23136aa1542ea398ce

commit dd3ee9c37a203fefe6c6de23136aa1542ea398ce
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-28 10:08:04 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-28 10:08:04 +0000

    sys-cluster/glusterfs: Drop vulnerable 3.6.5
    
    Bug: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 sys-cluster/glusterfs/Manifest                     |   1 -
 sys-cluster/glusterfs/files/glusterd-r2.initd      |  32 --
 .../files/glusterfs-3.4.0-silent_rules.patch       |  23 -
 ...libraries-using-LIBADD-instead-of-LDFLAGS.patch |  54 --
 .../files/glusterfs-3.6.5-build-shared-only.patch  | 547 ---------------------
 sys-cluster/glusterfs/glusterfs-3.6.5.ebuild       | 182 -------
 6 files changed, 839 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd3ee9c37a203fefe6c6de23136aa1542ea398ce

commit dd3ee9c37a203fefe6c6de23136aa1542ea398ce
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-28 10:08:04 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-28 10:08:04 +0000

    sys-cluster/glusterfs: Drop vulnerable 3.6.5
    
    Bug: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 sys-cluster/glusterfs/Manifest                     |   1 -
 sys-cluster/glusterfs/files/glusterd-r2.initd      |  32 --
 .../files/glusterfs-3.4.0-silent_rules.patch       |  23 -
 ...libraries-using-LIBADD-instead-of-LDFLAGS.patch |  54 --
 .../files/glusterfs-3.6.5-build-shared-only.patch  | 547 ---------------------
 sys-cluster/glusterfs/glusterfs-3.6.5.ebuild       | 182 -------
 6 files changed, 839 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd3ee9c37a203fefe6c6de23136aa1542ea398ce

commit dd3ee9c37a203fefe6c6de23136aa1542ea398ce
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-28 10:08:04 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-28 10:08:04 +0000

    sys-cluster/glusterfs: Drop vulnerable 3.6.5
    
    Bug: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Closes: https://bugs.gentoo.org/635172
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 sys-cluster/glusterfs/Manifest                     |   1 -
 sys-cluster/glusterfs/files/glusterd-r2.initd      |  32 --
 .../files/glusterfs-3.4.0-silent_rules.patch       |  23 -
 ...libraries-using-LIBADD-instead-of-LDFLAGS.patch |  54 --
 .../files/glusterfs-3.6.5-build-shared-only.patch  | 547 ---------------------
 sys-cluster/glusterfs/glusterfs-3.6.5.ebuild       | 182 -------
 6 files changed, 839 deletions(-)}
Comment 6 James Le Cuirot gentoo-dev 2017-11-28 10:10:21 UTC
Sorry, did a stupid in a the commit message there. Old is removed now.
Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-28 13:11:44 UTC
(In reply to James Le Cuirot from comment #6)
> Sorry, did a stupid in a the commit message there. Old is removed now.

no problem, thanks for cleaning up.

GLSA Vote: No
Comment 8 Alain Zscheile 2017-11-30 20:00:23 UTC
glusterd-3.13.3 compiles on amd64, but doesn't work on some amd64 machines.

/etc/init.d/glusterd does not start, because /usr/sbin/glusterd fails with a segmentation fault.

see https://bugzilla.redhat.com/show_bug.cgi?id=1519315
Comment 9 James Le Cuirot gentoo-dev 2017-11-30 20:29:57 UTC
(In reply to Erik Zscheile from comment #8)
> glusterd-3.13.3 compiles on amd64, but doesn't work on some amd64 machines.

Hmm. I was using 3.12.2 for a little while and it was fine. Admittedly I didn't really try 3.12.3. Could you try 3.12.2? I think it would just be a case of renaming the ebuild.
Comment 10 Alain Zscheile 2017-12-01 19:44:56 UTC
(In reply to James Le Cuirot from comment #9)
> (In reply to Erik Zscheile from comment #8)
> > glusterd-3.13.3 compiles on amd64, but doesn't work on some amd64 machines.
> 
> Hmm. I was using 3.12.2 for a little while and it was fine. Admittedly I
> didn't really try 3.12.3. Could you try 3.12.2? I think it would just be a
> case of renaming the ebuild.

glusterfs-3.12.2 with libtirpc doesn't work.
glusterfs-3.12.2 without libtirpc works.
Comment 11 Alain Zscheile 2017-12-01 20:13:15 UTC
(In reply to Erik Zscheile from comment #10) 
> glusterfs-3.12.2 with libtirpc doesn't work.
> glusterfs-3.12.2 without libtirpc works.

ok, glusterfs-3.12.3 with =net-libs/libtirpc-1.0.1-r1 works,
but not with =netr-libs/libtirpc-1.0.2-r1.
Comment 12 James Le Cuirot gentoo-dev 2017-12-01 20:44:32 UTC
(In reply to Erik Zscheile from comment #11)
> (In reply to Erik Zscheile from comment #10) 
> > glusterfs-3.12.2 with libtirpc doesn't work.
> > glusterfs-3.12.2 without libtirpc works.
> 
> ok, glusterfs-3.12.3 with =net-libs/libtirpc-1.0.1-r1 works,
> but not with =netr-libs/libtirpc-1.0.2-r1.

Thanks for tracking this down. Are you able to take this to libtirpc upstream? I'm not the maintainer for that package (or even this package) and I don't know anything about it so I'm not in a position to mask it.
Comment 13 Alain Zscheile 2017-12-01 20:51:54 UTC
I tested glusterfs-3.12.3[libtirpc] again and it fails, now even with libtirpc-1.0.1-r1
Comment 14 James Le Cuirot gentoo-dev 2017-12-01 21:03:42 UTC
(In reply to Erik Zscheile from comment #13)
> I tested glusterfs-3.12.3[libtirpc] again and it fails, now even with
> libtirpc-1.0.1-r1

Oh dear. This may be down to using libtirpc at all as we were using the RPC stuff bundled with glibc until 2.26. I see you're still on 2.25. You're sure that it works when not using libtirpc at all? If so, I'll alert dilfridge as he may have a clue here.
Comment 15 Alain Zscheile 2017-12-04 14:01:38 UTC
The segfault bug specially doesn't occur and I haven't discovered other bugs jet. glibc-2.25 is stable and without libtirpc works with glusterfs.
Comment 16 James Le Cuirot gentoo-dev 2017-12-04 14:08:02 UTC
(In reply to Erik Zscheile from comment #15)
> The segfault bug specially doesn't occur and I haven't discovered other bugs
> jet. glibc-2.25 is stable and without libtirpc works with glusterfs.

Okay, I'll let dilfridge know but you should open a new bug report so we can stop annoying the security guys.
Comment 17 Alain Zscheile 2017-12-04 20:24:25 UTC
https://bugs.gentoo.org/639838