Bug 795084 (CVE-2021-33833) - <net-misc/connman-1.40: stack buffer overflow in dnsproxy (CVE-2021-33833)
Status: RESOLVED FIXED
Alias: CVE-2021-33833
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B3 [glsa+ cve]
Reported: 2021-06-09 11:55 UTC by John Helmert III
Modified: 2021-07-12 02:50 UTC
Description John Helmert III gentoo-dev Security 2021-06-09 11:55:47 UTC
CVE-2021-33833:

The issue affects the dnsproxy component in releases 1.32 to 1.39 of connman.

Unpacking of NAME and RDATA/RDLENGTH fields with TYPE A/AAAA in the uncompress
function uses a memcpy with insufficient bounds checking, which can overflow
a stack buffer.

The researcher has written a POC that works with stack overflow heuristics and PIE disabled, so stack overflow protection seems to mitigate it.


I am apparently not authorized to access the homepage of Connman, so I can't tell if there's any fixed release upstream. There is a patch at URL, however.
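The kind of bounds check the description says was missing, as an added example that is neither connman's code nor the upstream patch: a record's fixed fields and A/AAAA RDATA are copied into a fixed-size buffer only after checking the bytes left in the packet and the space left in the destination. All names (`copy_rr_checked`, `RR_FIXED`, the sample arrays) are hypothetical, and NAME decompression is not covered.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RR_FIXED 10 /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */

/* Hypothetical helper, not connman's API: copy one A/AAAA record's fixed
 * fields and RDATA from src (positioned just after NAME) into dst.
 * Returns bytes written, or -1 if the record is malformed or does not fit. */
int copy_rr_checked(const uint8_t *src, size_t src_left,
                    uint8_t *dst, size_t dst_left)
{
    /* Fixed fields must be present in the packet and fit in dst. */
    if (src_left < RR_FIXED || dst_left < RR_FIXED)
        return -1;

    unsigned type = ((unsigned)src[0] << 8) | src[1];
    size_t rdlen = ((size_t)src[8] << 8) | src[9];

    /* RDLENGTH comes from the wire: require the size the TYPE implies. */
    if (!((type == 1 && rdlen == 4) || (type == 28 && rdlen == 16)))
        return -1;

    /* RDATA must lie inside the packet and inside the destination. */
    if (rdlen > src_left - RR_FIXED || rdlen > dst_left - RR_FIXED)
        return -1;

    memcpy(dst, src, RR_FIXED + rdlen);
    return (int)(RR_FIXED + rdlen);
}

/* Constructed sample records (not captured traffic). */
const uint8_t rr_a_ok[] = { 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
/* TYPE A whose RDLENGTH field claims 0x0400 bytes. */
const uint8_t rr_a_long[] = { 0,1, 0,1, 0,0,0,60, 4,0, 192,0,2,1 };
/* TYPE A with a correct RDLENGTH, but the packet ends two bytes early. */
const uint8_t rr_a_cut[] = { 0,1, 0,1, 0,0,0,60, 0,4, 192,0 };
uint8_t out[32]; /* stands in for the fixed-size destination buffer */

int main(void)
{
    printf("%d\n", copy_rr_checked(rr_a_ok, sizeof rr_a_ok, out, sizeof out));
    printf("%d\n", copy_rr_checked(rr_a_long, sizeof rr_a_long, out, sizeof out));
    printf("%d\n", copy_rr_checked(rr_a_cut, sizeof rr_a_cut, out, sizeof out));
    printf("%d\n", copy_rr_checked(rr_a_ok, sizeof rr_a_ok, out, 12));
    return 0;
}
```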
Comment 1 Ben Kohler gentoo-dev 2021-06-09 13:48:05 UTC
I'll try to find out if the homepage has moved or just has a temporary problem, but in the meantime:

https://git.kernel.org/pub/scm/network/connman/connman.git/
Comment 2 John Helmert III gentoo-dev Security 2021-06-10 03:19:11 UTC
Guessing this is the relevant patch then: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
Comment 3 Larry the Git Cow gentoo-dev 2021-06-10 11:34:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac59da57086f45ad426889f31b78cfccc6de6848

commit ac59da57086f45ad426889f31b78cfccc6de6848
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-06-10 11:34:05 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-06-10 11:34:31 +0000

    net-misc/connman: bump to 1.40
    
    Bug: https://bugs.gentoo.org/795084
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest            |   1 +
 net-misc/connman/connman-1.40.ebuild | 101 +++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
Comment 4 John Helmert III gentoo-dev Security 2021-06-10 14:48:46 UTC
Thank you! Please stabilize when ready.
Comment 5 Agostino Sarubbo gentoo-dev 2021-06-17 07:19:28 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2021-06-17 07:20:30 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2021-06-17 07:24:00 UTC
x86 stable
Comment 8 Sam James archtester gentoo-dev Security 2021-06-17 20:18:31 UTC
amd64 done
Comment 9 Sam James archtester gentoo-dev Security 2021-06-18 22:37:38 UTC
arm64 done
Comment 10 Sam James archtester gentoo-dev Security 2021-06-22 19:37:59 UTC
arm done

all arches done
Comment 11 John Helmert III gentoo-dev Security 2021-06-22 22:58:17 UTC
Please cleanup
Comment 12 Larry the Git Cow gentoo-dev 2021-06-22 23:50:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=419fb3386c724da91004543a5b0494c16a375c2d

commit 419fb3386c724da91004543a5b0494c16a375c2d
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-06-22 23:50:21 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-06-22 23:50:41 +0000

    net-misc/connman: drop old
    
    Bug: https://bugs.gentoo.org/795084
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest               |   1 -
 net-misc/connman/connman-1.39-r1.ebuild | 101 --------------------------------
 2 files changed, 102 deletions(-)
Comment 13 John Helmert III gentoo-dev Security 2021-07-11 03:04:12 UTC
GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2021-07-12 02:50:54 UTC
This issue was resolved and addressed in
 GLSA 202107-29 at https://security.gentoo.org/glsa/202107-29
by GLSA coordinator Sam James (sam_c).