Bug 1106517 (CVE-2018-14622) - VUL-0: CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return value in svc_vc.c
Summary: VUL-0: CVE-2018-14622: libtirpc: Segmentation fault in makefd_xprt return val...
Status: RESOLVED FIXED
Alias: CVE-2018-14622
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/213503/
Whiteboard: CVSSv3:RedHat:CVE-2018-14622:5.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-30 06:22 UTC by Alexander Bergmann
Modified: 2018-10-20 06:57 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-08-30 06:22:58 UTC 
rh#1620293

A flaw was found in libtirpc. The return value of makefd_xprt was used without checking for NULL in svc_vc.c, leading to a null pointer dereference / segfault if the maximum number of available file descriptors was exhausted.


References:
https://bugzilla.novell.com/show_bug.cgi?id=968175

Upstream Patch:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1620293
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14622
Comment 2 Marcus Meissner 2018-08-30 13:33:20 UTC 
dup of bug 968175

*** This bug has been marked as a duplicate of bug 968175 ***
Comment 3 Marcus Meissner 2018-08-30 14:01:16 UTC 
reverse dup needed
Comment 6 Thomas Blume 2018-09-03 11:27:15 UTC 
Patch submitted, reassigning to security team to wrap up.
Comment 7 Marcus Meissner 2018-10-15 08:59:35 UTC 
done
Comment 8 Swamp Workflow Management 2018-10-15 13:09:33 UTC 
SUSE-SU-2018:3146-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106517,1106519,968175
CVE References: CVE-2018-14621,CVE-2018-14622
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libtirpc-0.2.1-1.13.6.1