OpenSuSE has issued an advisory today (April 15): http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html
The Novell bug has PoC information, but no patch information: https://bugzilla.novell.com/871111
The SRPMS for this update don't appear to be on the mirror yet.
Mageia 3 and Mageia 4 are also affected.

Reproducible:

Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated couchdb packages fix security vulnerability:

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids (CVE-2014-2668).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2668
http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html
========================

Updated packages in core/updates_testing:
========================
couchdb-1.2.1-3.1.mga3
couchdb-bin-1.2.1-3.1.mga3
couchdb-1.4.0-2.1.mga4
couchdb-bin-1.4.0-2.1.mga4

from SRPMS:
couchdb-1.2.1-3.1.mga3.src.rpm
couchdb-1.4.0-2.1.mga4.src.rpm
Version: Cauldron => 4
Assignee: fundawang => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
There appears to be something wrong with download.opensuse.org, so I had to use Google to find OpenSuSE's SRPMS to get the patches.

Note to QA: see the Novell bug linked in Comment 0 for PoC information.
# Exploit Title: Couchdb uuids DOS exploit
# Google Dork inurl: _uuids
# Date: 03/24/2014
# Exploit Author: KrustyHack
# Vendor Homepage: http://couchdb.apache.org/
# Software Link: http://couchdb.apache.org/
# Version: up to 1.5.0
# Tested on: Linux Couchdb up to 1.5.0

HOW TO
======
curl http://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999

TEST
====
Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request.

http://www.securityfocus.com/bid/66474/info
http://www.exploit-db.com/exploits/32519/
http://secunia.com/advisories/57572
Whiteboard: MGA3TOO => MGA3TOO has_procedure
In VirtualBox, M3, KDE, 32-bit

Package(s) under test: couchdb + heimdal-telnet

default install of couchdb

[root@localhost wilcal]# urpmi couchdb
Package couchdb-1.2.1-3.mga3.i586 is already installed
[root@localhost wilcal]# urpmi heimdal-telnet
Package heimdal-telnet-1.5.3-1.mga3.i586 is already installed

Test procedure: http://wiki.apache.org/couchdb/CouchIn15Minutes
Using db name "example"
couchdb responds as expected

install couchdb from updates_testing

[root@localhost wilcal]# urpmi couchdb
Package couchdb-1.2.1-3.1.mga3.i586 is already installed
[root@localhost wilcal]# urpmi heimdal-telnet
Package heimdal-telnet-1.5.3-1.mga3.i586 is already installed

Test procedure: http://wiki.apache.org/couchdb/CouchIn15Minutes
Using db name "example2"
couchdb responds as expected

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK
CC: (none) => wilcal.int
In VirtualBox, M3, KDE, 64-bit

Package(s) under test: couchdb + heimdal-telnet

default install of couchdb

[root@localhost wilcal]# urpmi couchdb
Package couchdb-1.2.1-3.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi heimdal-telnet
Package heimdal-telnet-1.5.3-1.mga3.x86_64 is already installed

Test procedure: http://wiki.apache.org/couchdb/CouchIn15Minutes
Using db name "example1"
couchdb responds as expected

install couchdb from updates_testing

[root@localhost wilcal]# urpmi couchdb
Package couchdb-1.2.1-3.1.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi heimdal-telnet
Package heimdal-telnet-1.5.3-1.mga3.x86_64 is already installed

Test procedure: http://wiki.apache.org/couchdb/CouchIn15Minutes
Using db name "example2"
couchdb responds as expected

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm
Whiteboard: MGA3TOO has_procedure MGA3-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK
In VirtualBox, M4, KDE, 32-bit

Package(s) under test: couchdb + heimdal-telnet

default install of couchdb

[root@localhost wilcal]# urpmi couchdb
Package couchdb-1.4.0-2.mga4.i586 is already installed
[root@localhost wilcal]# urpmi heimdal-telnet
Package heimdal-telnet-1.5.3-4.mga4.i586 is already installed

Test procedure: http://wiki.apache.org/couchdb/CouchIn15Minutes
As soon as I attempt to access the service at: http://localhost:5984/_utils/
couchdb stops. The same if I use: http://127.0.0.1:5984/
I get the Unable to connect browser notice.
MCC -> System - Manage system services
couchdb can be started but stops when accessed.
Started from terminal service couchdb start and I get the same thing.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm
Following procedure here https://bugs.mageia.org/show_bug.cgi?id=8973#c5

Both mga4 32 and 64 crash when starting manually or as a service.

# su - couchdb
-bash-4.2$ couchdb
{"init terminating in do_boot",{{badmatch,{error,{{app_would_not_start,asn1},{couch_app,start,[normal,["/etc/couchdb/default.ini","/etc/couchdb/local.ini"]]}}}},[{couch,start,0,[{file,"couch.erl"},{line,18}]},{init,start_it,1,[]},{init,start_em,1,[]}]}}

Crash dump was written to: erl_crash.dump
init terminating in do_boot ()

There was a similar issue there which was a missing requires, adding Nicolas to CC.

# rpm -qa erlang*
erlang-inets-R16B02-2.mga4
erlang-tools-R16B02-2.mga4
erlang-base-R16B02-2.mga4
erlang-public_key-R16B02-2.mga4
erlang-crypto-R16B02-2.mga4
erlang-ssl-R16B02-2.mga4
erlang-xmerl-R16B02-2.mga4
erlang-os_mon-R16B02-2.mga4

I'll attach a /var/lib/couchdb/erl_crash.dump
CC: (none) => mageia
Created attachment 5127 [details] /var/lib/couchdb/erl_crash.dump
If necessary we can split the update and push mga3
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure feedback MGA3-32-OK MGA3-64-OK
CC: (none) => fundawang
Should this be split to allow mga3 to be pushed?
I don't think we should push a mga3 update before mga4, regardless of the fact that the versions are different. We could just push it as-is for mga4, as the update isn't any more broken than the release version. We could add a note to the advisory about it in that case, giving a reference to a new bug that would be filed for the issue and saying it'll hopefully be fixed in a future update. I think we've done something like that in the past. In the meantime, we should probably drop this package in Cauldron if nobody's interested in fixing it.
Hold off a little, I think I know where it fails, will test the fix.
CC: (none) => tmb
Thanks Thomas
couchdb-1.4.0-2.2.mga4 on the way to updates_testing. It needed erlang-asn1 and erlang-syntax_tools to work. I pushed the same fix to cauldron.
Whiteboard: MGA3TOO has_procedure feedback MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK
Still the same problem unfortunately..

Preparing... ##########
1/3: erlang-syntax_tools ##########
2/3: erlang-asn1 ##########
3/3: couchdb-bin ##########
1/1: removing couchdb-bin-1.4.0-2.mga4.x86_64 ##########

# su - couchdb
-bash-4.2$ couchdb
{"init terminating in do_boot",{{badmatch,{error,{{app_would_not_start,compiler},{couch_app,start,[normal,["/etc/couchdb/default.ini","/etc/couchdb/local.ini"]]}}}},[{couch,start,0,[{file,"couch.erl"},{line,18}]},{init,start_it,1,[]},{init,start_em,1,[]}]}}

Crash dump was written to: erl_crash.dump
init terminating in do_boot ()

# service couchdb start
Redirecting to /bin/systemctl start couchdb.service
# service couchdb status
Redirecting to /bin/systemctl status couchdb.service
couchdb.service - CouchDB Server
   Loaded: loaded (/usr/lib/systemd/system/couchdb.service; enabled)
   Active: failed (Result: start-limit) since Sat 2014-05-03 13:04:01 BST; 3s ago
  Process: 25106 ExecStart=/usr/bin/erl +Bd -noinput -sasl errlog_type error +K true +A 4 -couch_ini /etc/couchdb/default.ini /etc/couchdb/local.ini -s couch -pidfile /var/run/couchdb/couchdb.pid -heart (code=exited, status=1/FAILURE)
 Main PID: 25106 (code=exited, status=1/FAILURE)

systemd[1]: couchdb.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Unit couchdb.service entered failed state.
systemd[1]: couchdb.service holdoff time over, scheduling restart.
systemd[1]: Stopping CouchDB Server...
systemd[1]: Starting CouchDB Server...
systemd[1]: couchdb.service start request repeated too quickly, refusing to start.
systemd[1]: Failed to start CouchDB Server.
systemd[1]: Unit couchdb.service entered failed state.

# rpm -qa | grep couchdb
couchdb-1.4.0-2.2.mga4
couchdb-bin-1.4.0-2.2.mga4
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK => MGA3TOO feedback has_procedure MGA3-32-OK MGA3-64-OK
Created attachment 5137 [details] new /var/lib/couchdb/erl_crash.dump
Oops, my bad :/ it needs Requires on erlang-compiler too, which is a BuildRequires so I missed it during my tests as it got pulled in when I tested the build :/

A fixed couchdb-1.4.0-2.3.mga4 is on the way to the mirrors.
Whiteboard: MGA3TOO feedback has_procedure MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK
Fixed \o/ thanks Thomas.

Testing complete mga4 64

To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release")
  erlang-compiler                R16B02       2.mga4        x86_64
(medium "Core Updates Testing")
  couchdb                        1.4.0        2.3.mga4      x86_64
  couchdb-bin                    1.4.0        2.3.mga4      x86_64

# su - couchdb
-bash-4.2$ couchdb
Apache CouchDB 1.4.0 (LogLevel=info) is starting.
Apache CouchDB has started. Time to relax.
[info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:5984/
[info] [<0.289.0>] 127.0.0.1 - - GET /_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999 403

Test PoC and quit with ctrl-c

$ curl http://localhost:5984/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999
{"error":"forbidden","reason":"count parameter too large"}

Check service starts ok..

# service couchdb start
Redirecting to /bin/systemctl start couchdb.service
# service couchdb status
Redirecting to /bin/systemctl status couchdb.service
couchdb.service - CouchDB Server
   Loaded: loaded (/usr/lib/systemd/system/couchdb.service; enabled)
   Active: active (running) since Sat 2014-05-03 14:00:40 BST; 2s ago
..etc
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK mga4-64-ok
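The validation the fixed server performs on the count parameter (the 403 "count parameter too large" seen in the test above), plus a matching check over access-log lines in the format shown there, as an added Python example. This is not CouchDB's code or anything from this bug: the bound's default value, the responses other than the 403 body shown above, and the sample log lines are assumptions or constructed here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed bound: the patched CouchDB reads its limit from its own config;
# the value used here is an assumption, not taken from this bug report.
MAX_UUID_COUNT = 1000

# Constructed log lines in the shape of the [info] line shown in the thread:
# one oversized request (the shape the PoC sends) and two ordinary requests.
SAMPLE_LOG = [
    "[info] [<0.289.0>] 127.0.0.1 - - GET /_uuids?count=" + "9" * 71 + " 403",
    "[info] [<0.290.0>] 127.0.0.1 - - GET /_uuids?count=10 200",
    "[info] [<0.291.0>] 127.0.0.1 - - GET /example/_all_docs 200",
]

def check_uuid_count(request_target, max_count=MAX_UUID_COUNT):
    """Validate `count` the way the fixed server does: decide on the integer
    itself, before anything proportional to the requested count is allocated.
    Returns (http_status, json_body)."""
    query = parse_qs(urlsplit(request_target).query)
    raw = query.get("count", ["1"])[0]
    try:
        count = int(raw)
    except ValueError:
        return 400, {"error": "bad_request", "reason": "count must be a positive integer"}
    if count <= 0:
        return 400, {"error": "bad_request", "reason": "count must be a positive integer"}
    if count > max_count:
        # A 71-digit count is still just one integer comparison here.
        return 403, {"error": "forbidden", "reason": "count parameter too large"}
    return 200, {"count": count}

LOG_RE = re.compile(r"\] (?P<ip>\S+) - - (?P<method>\S+) (?P<target>\S+) (?P<status>\d{3})$")

def flag_uuid_abuse(log_lines, max_count=MAX_UUID_COUNT):
    """Return (client_ip, logged_status) for every /_uuids request whose count
    exceeds the bound. The decision is made on the request, not on the status
    the server returned, so it also covers servers that were not patched."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m.group("target").startswith("/_uuids"):
            continue
        status, _ = check_uuid_count(m.group("target"), max_count)
        if status == 403:
            hits.append((m.group("ip"), m.group("status")))
    return hits
```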
Testing complete mga4 32 Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA3-64-OK mga4-64-ok => MGA3TOO has_procedure advisory MGA3-32-OK MGA3-64-OK mga4-32-ok mga4-64-ok
Update pushed: http://advisories.mageia.org/MGASA-2014-0203.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
CC: jasonadamses => davidwhodgins