Bug 1106517 (CVE-2018-14622)

Summary: VUL-0: CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: abergmann, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/213503/
Whiteboard: CVSSv3:RedHat:CVE-2018-14622:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVSSv3:SUSE:CVE-2018-14622:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2018-08-30 06:22:58 UTC
rh#1620293

A flaw was found in libtirpc. The return value of makefd_xprt was used without checking for NULL in svc_vc.c, leading to a null pointer dereference / segfault if the maximum number of available file descriptors was exhausted.


References:
https://bugzilla.novell.com/show_bug.cgi?id=968175

Upstream Patch:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1620293
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14622
Comment 2 Marcus Meissner 2018-08-30 13:33:20 UTC
dup of bug 968175

*** This bug has been marked as a duplicate of bug 968175 ***
Comment 3 Marcus Meissner 2018-08-30 14:01:16 UTC
reverse dup needed
Comment 6 Thomas Blume 2018-09-03 11:27:15 UTC
Patch submitted, reassigning to security team to wrap up.
Comment 7 Marcus Meissner 2018-10-15 08:59:35 UTC
done
Comment 8 Swamp Workflow Management 2018-10-15 13:09:33 UTC
SUSE-SU-2018:3146-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106517,1106519,968175
CVE References: CVE-2018-14621,CVE-2018-14622
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1