Bug #8164

Bug #8163: varnish: Data leak - ‘-sfile’ Stevedore transient objects (CVE-2017-8807)

[3.7] varnish: Data leak - ‘-sfile’ Stevedore transient objects (CVE-2017-8807)

Added by Alicha CH 9 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 11/17/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:

Description

A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate may leak up to page size of data from a malloc(3) memory allocation.
In an unpredictable percentage of the cases where this condition arises, a segmentation fault will happen instead. All the following conditions are required to trigger the problem:

  • A -sfile or -spersistent stevedore must be configured
  • A synthetic object must be created in vcl_backend_error{}
  • The synthetic object ends up in the file or persistent stevedore.

Affected Versions:

4.1.0 to 5.2.0

Fixed In:

varnish 4.1.9, varnish 5.2.1

References:

http://varnish-cache.org/security/VSV00002.html

Patch:

https://github.com/varnishcache/varnish-cache/commit/176f8a075a
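
A triage check for the version range and the first trigger condition listed above, as an added example (not part of the original report or of Varnish): it takes `varnishd -V` text and the daemon's argument list, both constructed here. The function names are hypothetical, and treating 4.1.9 and later 4.1.x as fixed and matching `deprecated_persistent` are assumptions.

```python
import re

# Ranges from this report: affected 4.1.0 to 5.2.0; fixed in 4.1.9 and 5.2.1.
FIRST_AFFECTED, FIXED_41, FIXED_5X = (4, 1, 0), (4, 1, 9), (5, 2, 1)
# "file" and "persistent" are named in the report; "deprecated_persistent"
# is an assumption (later name for the persistent stevedore).
AFFECTED_STEVEDORES = {"file", "persistent", "deprecated_persistent"}

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'varnishd (varnish-5.2.0 ...)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % text)
    return tuple(int(p) for p in m.groups())

def version_affected(v):
    if v < FIRST_AFFECTED or v >= FIXED_5X:
        return False
    if v[:2] == (4, 1):          # assumption: 4.1.9 and later 4.1.x are fixed
        return v < FIXED_41
    return True                  # 5.0.x, 5.1.x, 5.2.0

def storage_kinds(argv):
    """Stevedore types from '-s file,...', '-sfile,...' or '-s name=file,...'."""
    kinds, args = [], iter(argv)
    for arg in args:
        if arg == "-s":
            spec = next(args, "")
        elif arg.startswith("-s"):
            spec = arg[2:]
        else:
            continue
        head = spec.split(",", 1)[0]          # drop path/size options
        kinds.append(head.split("=", 1)[-1])  # drop optional "name=" prefix
    return kinds

def exposed(version_text, argv):
    """True when an affected version runs with a file/persistent stevedore.
    Whether VCL creates a synthetic object in vcl_backend_error is not checked."""
    risky = set(storage_kinds(argv)) & AFFECTED_STEVEDORES
    return version_affected(parse_version(version_text)) and bool(risky)

if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    argv = ["-a", ":80", "-f", "/etc/varnish/default.vcl",
            "-s", "file,/var/lib/varnish/cache.bin,1G"]
    for ver in ("varnish-5.2.0", "varnish-5.2.1", "varnish-4.1.8"):
        print(ver, "exposed" if exposed(ver, argv) else "not exposed")
```

A positive result means the version and storage preconditions are present; the remaining conditions depend on the loaded VCL.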

Associated revisions

Revision 95bf3911 (diff)
Added by Natanael Copa 9 months ago

main/varnish: security upgrade to 5.2.1 (CVE-2017-8807)

fixes #8164

History

#1 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 9 months ago

  • Category set to Security
  • Status changed from Resolved to Closed
