
Bug 1377280 (CVE-2016-5017)

Summary: CVE-2016-5017 zookeeper: Buffer overflow vulnerability in C cli shell
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified CC: abhgupta, aileenc, alazarot, aszczucz, chazlett, ctubbsii, dmcphers, ethan, etirelli, felias, gvarsami, java-sig-commits, jcoleman, jialiu, jokerman, jolee, kconner, kseifried, kverlaen, ldimaggi, lmeyer, lpetrovi, mbaluch, mmccomas, mwinkler, nwallace, pavelp, rrajasek, rwagner, rzhang, soa-p-jira, s, tcunning, tiwillia, tkirby, tstclair, vhalbert
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: zookeeper 3.4.9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-23 13:37:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1377281    
Bug Blocks:    

Description Andrej Nemec 2016-09-19 11:27:39 UTC
The ZooKeeper C client shells "cli_st" and "cli_mt" have a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:<cmd>" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur. There is no known compromise which takes advantage of this vulnerability, and if security is enabled the attacker would be limited by client level security constraints. The C cli shell is intended as a sample/example of how to use the C client interface, not as a production tool - the documentation has also been clarified on this point.

References:

http://seclists.org/bugtraq/2016/Sep/29

Upstream fix:

https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
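
Added example (not ZooKeeper's code and not the upstream fix): a bounds-checked way to take the command out of a "cmd:<cmd>" batch argument and place it in a 1024-byte buffer, rejecting overlong input instead of copying it. The names `parse_batch_arg`, `try_length`, and the status codes are hypothetical; only the prefix and the 1024 limit come from the description above.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 1024    /* limit stated in the bug description */
#define CMD_PREFIX   "cmd:"  /* batch-mode syntax from the description */

enum cmd_status { CMD_OK, CMD_NOT_BATCH, CMD_TOO_LONG, CMD_BAD_ARG };

/* Class of defect described: a fixed buffer filled without a length check,
 * e.g. strcpy(cmd, arg + 4) into char cmd[1024]. The function below checks
 * the length first and never writes past out_size bytes. */
enum cmd_status parse_batch_arg(const char *arg, char *out, size_t out_size)
{
    size_t prefix_len = strlen(CMD_PREFIX);
    size_t len;

    if (arg == NULL || out == NULL || out_size == 0)
        return CMD_BAD_ARG;
    out[0] = '\0';                      /* defined contents on every path */
    if (strncmp(arg, CMD_PREFIX, prefix_len) != 0)
        return CMD_NOT_BATCH;
    arg += prefix_len;
    /* Bounded length scan: stop as soon as the input cannot fit. */
    for (len = 0; len < out_size && arg[len] != '\0'; len++)
        ;
    if (len >= out_size)                /* no room left for the NUL */
        return CMD_TOO_LONG;
    memcpy(out, arg, len + 1);          /* copies the terminating NUL too */
    return CMD_OK;
}

/* Constructed input: "cmd:" followed by n filler bytes. */
enum cmd_status try_length(size_t n)
{
    static char arg[4 + 2 * CMD_BUF_SIZE + 1];
    char out[CMD_BUF_SIZE];

    if (n > 2 * CMD_BUF_SIZE)
        return CMD_BAD_ARG;
    memcpy(arg, CMD_PREFIX, 4);
    memset(arg + 4, 'a', n);
    arg[4 + n] = '\0';
    return parse_batch_arg(arg, out, sizeof out);
}

int main(void)
{
    printf("1023 bytes -> %d\n", try_length(CMD_BUF_SIZE - 1));
    printf("1024 bytes -> %d\n", try_length(CMD_BUF_SIZE));
    return 0;
}
```

The boundary is the point of the check: 1023 command bytes plus the terminator fit, 1024 do not.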

Comment 1 Andrej Nemec 2016-09-19 11:28:23 UTC
Created zookeeper tracking bugs for this issue:

Affects: fedora-all [bug 1377281]