658354 – (CVE-2018-1084) <sys-cluster/corosync-3.0.4: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)

Bug 658354 (CVE-2018-1084) - <sys-cluster/corosync-3.0.4: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)

Summary: <sys-cluster/corosync-3.0.4: Integer overflow in exec/totemcrypto.c:authentic...

Status:	RESOLVED FIXED

Alias:	CVE-2018-1084

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/corosync/corosync/...
Whiteboard:	B3 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-06-18 00:36 UTC by Florian Schuhmacher
Modified:	2021-07-03 02:27 UTC (History)
CC List:	4 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/16803
Package list:	sys-cluster/corosync-3.1.0 sys-cluster/libqb-2.0.1-r1 x86 sys-cluster/kronosnet-1.19 amd64 ppc ppc64 x86 app-admin/augeas-1.12.0 ppc ppc64 app-doc/NaturalDocs-1.52-r1 ppc64
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Schuhmacher 2018-06-18 00:36:47 UTC

Potential pre-authentication buffer overflow due to integer overflow in
exec/totemcrypto.c:authenticate_nss_2_3() function can lead to denial of
service or potentially to remote code execution.

corosync before version 2.4.4 is vulnerable.

Gentoo Security Scout
Florian Schuhmacher

Comment 1 Yury German Gentoo Infrastructure

2019-03-12 07:45:55 UTC

CVE-2018-1084 Detail
Current Description
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Comment 2 Sam James archtester

2020-03-19 01:43:20 UTC

@maintainers, please create an appropriate ebuild, and call for stabilisation when ready.

Comment 3 Sam James archtester

2020-06-20 02:04:25 UTC

ping

Comment 4 Larry the Git Cow gentoo-dev

2020-10-21 12:59:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e50ae9c2a0231556f783652e6951e49222744bd0

commit e50ae9c2a0231556f783652e6951e49222744bd0
Author:     Timo Rothenpieler <btbn@btbn.de>
AuthorDate: 2020-07-24 19:34:00 +0000
Commit:     Alexys Jacob <ultrabug@gentoo.org>
CommitDate: 2020-10-21 12:58:09 +0000

    sys-cluster/corosync: bump for 3.0.4
    
    Bug: https://bugs.gentoo.org/658354
    Signed-off-by: Timo Rothenpieler <btbn@btbn.de>
    Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>

 sys-cluster/corosync/Manifest              |  1 +
 sys-cluster/corosync/corosync-3.0.4.ebuild | 69 ++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

Comment 5 John Helmert III archtester

2020-10-21 14:07:47 UTC

Please stabilize when ready.

Comment 6 NATTkA bot gentoo-dev

2020-10-21 14:09:15 UTC Comment hidden (obsolete)

Sanity check failed:

> sys-cluster/corosync-3.0.4
>   depend amd64 stable profile default/linux/amd64/17.0 (61 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (4 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 stable profile default/linux/amd64/17.0 (61 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (4 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=

Comment 7 NATTkA bot gentoo-dev

2020-11-07 04:05:53 UTC Comment hidden (obsolete)

Sanity check failed:

> sys-cluster/corosync-3.0.4
>   depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (4 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   depend amd64 stable profile default/linux/amd64/17.1 (47 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (4 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 stable profile default/linux/amd64/17.1 (47 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=

Comment 8 NATTkA bot gentoo-dev

2020-11-09 16:25:22 UTC Comment hidden (obsolete)

Sanity check failed:

> sys-cluster/corosync-3.0.4
>   depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (5 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   depend amd64 stable profile default/linux/amd64/17.1 (47 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (5 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=
>   rdepend amd64 stable profile default/linux/amd64/17.1 (47 total)
>     >=sys-cluster/libqb-2.0.0:=
>     sys-cluster/kronosnet:=

Comment 9 NATTkA bot gentoo-dev

2020-11-12 17:13:43 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: sys-cluster/corosync-3.0.4

Comment 10 NATTkA bot gentoo-dev

2021-01-08 19:25:11 UTC Comment hidden (obsolete)

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Comment 11 NATTkA bot gentoo-dev

2021-01-08 19:37:19 UTC Comment hidden (obsolete)

Sanity check failed:

> sys-cluster/corosync-3.1.0
>   depend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total)
>     app-admin/augeas
>   depend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
>     app-admin/augeas
>   rdepend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total)
>     app-admin/augeas
>   rdepend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
>     app-admin/augeas

Comment 12 NATTkA bot gentoo-dev

2021-01-08 20:01:19 UTC Comment hidden (obsolete)

Sanity check failed:

> app-admin/augeas-1.12.0
>   depend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total)
>     >=app-doc/NaturalDocs-1.40
>   depend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total)
>     >=app-doc/NaturalDocs-1.40

Comment 13 NATTkA bot gentoo-dev

2021-01-08 20:13:22 UTC Comment hidden (obsolete)

Unable to check for sanity:

> disallowed package spec (only = allowed): app-doc/NaturalDocs

Comment 14 NATTkA bot gentoo-dev

2021-01-08 20:22:09 UTC

All sanity-check issues have been resolved

Comment 15 Sam James archtester

2021-01-09 06:56:49 UTC

ppc64 done

Comment 16 Sam James archtester

2021-01-10 21:58:19 UTC

amd64 done

Comment 17 Sam James archtester

2021-01-14 23:59:13 UTC

x86 done

Comment 18 Sam James archtester

2021-01-15 22:07:25 UTC

ppc done

all arches done

Comment 19 John Helmert III archtester

2021-01-15 22:12:25 UTC

Please cleanup.

Comment 20 Thomas Deutschmann (RETIRED) gentoo-dev

2021-05-26 21:09:21 UTC

New GLSA request filed.

Comment 21 GLSAMaker/CVETool Bot gentoo-dev

2021-07-03 02:27:07 UTC

This issue was resolved and addressed in
 GLSA 202107-01 at https://security.gentoo.org/glsa/202107-01
by GLSA coordinator John Helmert III (ajak).