Bug 183163

Summary: sys-cluster/cman buffer overflow (CVE-2007-3373, 3374)
Product: Gentoo Security
Reporter: Matt Drew (RETIRED) <aetius>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: cluster
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html
Whiteboard: C1 [] aetius
Package list:
Runtime testing required: ---

Description Matt Drew (RETIRED) gentoo-dev 2007-06-25 15:32:27 UTC
http://secunia.com/advisories/25799/

A local user can trigger a DoS or possible code execution by sending overly long client cluster messages.  There's a link to a patch in the linked Red Hat mailing list message.
Comment 1 Matt Drew (RETIRED) gentoo-dev 2007-06-25 15:55:59 UTC
Setting status. It's not clear what version this applies to; I'm assuming the latest. Also, the daemon appears to run as root: there are no provisions for privilege reduction in /etc/conf.d/cman or /etc/init.d/cman and no user in /etc/passwd to reduce privileges to.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-01 12:22:27 UTC
any news here? btw, CVE ids are:
CVE-2007-3373
CVE-2007-3374
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-14 22:31:27 UTC
ha-cluster, please advise.
Comment 4 Matt Drew (RETIRED) gentoo-dev 2007-07-30 10:40:11 UTC
ha-cluster please advise.
Comment 5 Markus Dittrich (RETIRED) gentoo-dev 2007-09-08 13:47:20 UTC
This issue seems to affect cluster project 2.x, whereas we only have 1.x in the tree; hence we are likely not affected. I've grepped through the source and couldn't find any instance of the problematic code reported. Maybe somebody from ha-cluster can confirm this?

Markus 
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-09-08 15:23:50 UTC
Thx Markus. Closing as INVALID for now.