Bug 871111 (CVE-2014-2668)

Summary: VUL-1: CVE-2014-2668: couchdb: remote denial of service via /_uuids
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: abergmann, nkrinner, smash_bz, vuntz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/97449/
Whiteboard: CVSSv2:NVD:CVE-2014-2668:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2014-2668:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2014-03-31 09:04:13 UTC
via NVD:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2668&cid=4

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.



# Exploit Title: Couchdb uuids DOS exploit
# Google Dork inurl: _uuids
# Date: 03/24/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://couchdb.apache.org/
# Software Link: http://couchdb.apache.org/
# Version: up to 1.5.0
# Tested on: Linux Couchdb up to 1.5.0

HOW TO
======
curl http://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999

TEST
====
Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request.



http://www.securityfocus.com/bid/66474/info
http://www.exploit-db.com/exploits/32519/
http://secunia.com/advisories/57572
Comment 1 Vincent Untz 2014-03-31 09:13:51 UTC
Nanuk: could you handle that bug?
Comment 2 Swamp Workflow Management 2014-03-31 22:00:20 UTC
bugbot adjusting priority
Comment 3 Nanuk Krinner 2014-04-01 14:39:02 UTC
Fix submitted to server:database: https://build.opensuse.org/request/show/228439

Fix submitted to Devel:cloud:Shared:SP-3: https://build.suse.de/request/show/35326

Fix tested and works within our Cloud.
Comment 4 Alexander Bergmann 2014-04-04 09:24:16 UTC
Nanuk: please submit an openSUSE:12.3 and openSUSE:13.1 maintenance update.

We will put the Cloud update onto our planed update list and fix it with the next couchdb update.
Comment 5 SMASH SMASH 2014-04-04 11:35:14 UTC
Affected packages:

SLE-11-SP3-PRODUCTS: couchdb
SLE-11-SP3: couchdb
SLE-11-SP2-PRODUCTS: couchdb
Comment 6 Nanuk Krinner 2014-04-04 13:50:54 UTC
I created the maintenance requestes 229032 and 229034
Comment 7 Swamp Workflow Management 2014-04-15 10:04:25 UTC
openSUSE-SU-2014:0526-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 871111
CVE References: CVE-2014-2668
Sources used:
openSUSE 13.1 (src):    couchdb-1.3.0-2.4.1
openSUSE 12.3 (src):    couchdb-1.2.0-6.4.1
Comment 8 Marcus Meissner 2016-12-16 16:20:10 UTC
the cloud products have 1.6.1 or later. fixed