Comment 11 for bug 1820759

Victor Manuel Rodriguez Bahena (vm-rod25) wrote : Re: [Bug 1820759] Re: CVE-2018-19115: keepalived has a Heap-based buffer overflow vulnerability

Yes, I was aware of this. The one whose state I am not sure of is systemd.

In summary

keepalived -> remove the pkg -> no more CVE
perl -> OK, it should be merged soon; it is not merged yet
systemd -> not sure of the status of that one

regards

On Mon, Apr 22, 2019 at 11:35 AM Ken Young <email address hidden> wrote:
>
> FYI - the review to remove the package:
>
> https://review.opendev.org/#/c/649143/
>
> --
> https://bugs.launchpad.net/bugs/1820759
>
> Title:
> CVE-2018-19115: keepalived has a Heap-based buffer overflow
> vulnerability
>
> Status in StarlingX:
> Fix Released
>
> Bug description:
> Title
> -----
> CVE-2018-19115: keepalived has a Heap-based buffer overflow vulnerability
>
> Brief Description
> -----------------
> Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.
>
> +----------------+----------------------------------------------------------------------------------+
> | CVE-2018-19115 | |
> +----------------+----------------------------------------------------------------------------------+
> | Max Score | 9.8 CRITICAL (nvd) |
> | nvd | 9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CRITICAL |
> | redhat | 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H IMPORTANT |
> | nvd | 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P HIGH |
> | Summary | keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP |
> | | status codes resulting in DoS or possibly unspecified other impact, because |
> | | extract_status_code in lib/html.c has no validation of the status code and |
> | | instead writes an unlimited amount of data to the heap. |
> | CWE | CWE-122: Heap-based Buffer Overflow (redhat) |
> | CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
> | | (nvd) |
> | Affected Pkg | keepalived-1.3.5-6.el7 -> 1.3.5-8.el7_6 (updates) |
> | Confidence | 100 / OvalMatch |
> | Source | https://nvd.nist.gov/vuln/detail/CVE-2018-19115 |
> | CVSSv2 Calc | https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2018-19115 |
> | CVSSv3 Calc | https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2018-19115 |
> | RHEL-CVE | https://access.redhat.com/security/cve/CVE-2018-19115 |
> | CWE | https://cwe.mitre.org/data/definitions/CWE-122.html |
> | CWE | https://cwe.mitre.org/data/definitions/CWE-119.html |
> +----------------+----------------------------------------------------------------------------------+
>
> Severity
> --------
> <Major: System/Feature is usable but degraded>
>
> Steps to Reproduce
> ------------------
> N/A
>
> Expected Behavior
> ------------------
> N/A
>
> Actual Behavior
> ----------------
> N/A
>
> Reproducibility
> ---------------
> N/A
>
> System Configuration
> --------------------
> N/A
>
> Branch/Pull Time/Commit
> -----------------------
> N/A
>
> Timestamp/Logs
> --------------
> N/A