Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202210-33 ] Libtirpc: Denial of Service
Date: Mon, 31 Oct 2022 01:56:44
Message-Id: 166717981076.9.7394066004615362110@90bb6a0775af
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202210-33
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Libtirpc: Denial of Service
9 Date: October 31, 2022
10 Bugs: #859634
11 ID: 202210-33
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 A vulnerability has been discovered in Libtirpc which could result in
19 denial of service.
20
21 Background
22 ==========
23
24 Libtirpc is a port of Sun's Transport-Independent RPC library to Linux.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-libs/libtirpc < 1.3.2 >= 1.3.2
33
34 Description
35 ===========
36
37 Currently svc_run does not handle poll timeout and rendezvous_request
38 does not handle EMFILE error returned from accept(2 as it used to.
39 These two missing functionality were removed by commit b2c9430f46c4.
40
41 The effect of not handling poll timeout allows idle TCP conections
42 to remain ESTABLISHED indefinitely. When the number of connections
43 reaches the limit of the open file descriptors (ulimit -n) then
44 accept(2) fails with EMFILE. Since there is no handling of EMFILE
45 error this causes svc_run() to get in a tight loop calling accept(2).
46 This resulting in the RPC service of svc_run is being down, it's
47 no longer able to service any requests.
48
49 Due to a lack of handling of certain error cases, connections to
50 Libtirpc could remain ESTABLISHED indefinitely.
51
52 Impact
53 ======
54
55 Denial of service can be achieved via establishing enough connections to
56 Libtirpc to reach the limit of open file descriptors for the process.
57
58 Workaround
59 ==========
60
61 There is no known workaround at this time.
62
63 Resolution
64 ==========
65
66 All Libtirpc users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot --verbose ">=net-libs/libtirpc-1.3.2"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2021-46828
75 https://nvd.nist.gov/vuln/detail/CVE-2021-46828
76
77 Availability
78 ============
79
80 This GLSA and any updates to it are available for viewing at
81 the Gentoo Security Website:
82
83 https://security.gentoo.org/glsa/202210-33
84
85 Concerns?
86 =========
87
88 Security is a primary focus of Gentoo Linux and ensuring the
89 confidentiality and security of our users' machines is of utmost
90 importance to us. Any security concerns should be addressed to
91 security@g.o or alternatively, you may file a bug at
92 https://bugs.gentoo.org.
93
94 License
95 =======
96
97 Copyright 2022 Gentoo Foundation, Inc; referenced text
98 belongs to its owner(s).
99
100 The contents of this document are licensed under the
101 Creative Commons - Attribution / Share Alike license.
102
103 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature