ZooKeeper 3.4.8 / 3.5.2 Buffer Overflow

2016.09.17
Credit: Lyon Yang
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################################################ CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Severity: moderate Vendor: The Apache Software Foundation Versions Affected: ZooKeeper 3.4.0 to 3.4.8 ZooKeeper 3.5.0 to 3.5.2 The unsupported ZooKeeper 1.x through 3.3.x versions may be also affected Note: The 3.5 branch is still alpha at this time. Description: The ZooKeeper C client shells "cli_st" and "cli_mt" have a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:<cmd>" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur. There is no known compromise which takes advantage of this vulnerability, and if security is enabled the attacker would be limited by client level security constraints. The C cli shell is intended as a sample/example of how to use the C client interface, not as a production tool - the documentation has also been clarified on this point. Mitigation: It is important to use the fully featured/supported Java cli shell rather than the C cli shell independent of version. - ZooKeeper 3.4.x users should upgrade to 3.4.9 or apply this patch: https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f - ZooKeeper 3.5.x users should upgrade to 3.5.3 when released or apply this patch: https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a The patch solves the problem reported here, but it does not make the client ready for production use. The community has no plan to make this client production ready at this time, and strongly recommends that users move to the Java cli and use the C cli for illustration purposes only. Credit: This issue was discovered by Lyon Yang, an Apple security researcher. References: https://zookeeper.apache.org/security.html ############################################################

References:

https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top