Bug 18743 - iperf new security issue CVE-2016-4303
Summary: iperf new security issue CVE-2016-4303
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/692030/
Whiteboard: MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-06-20 19:44 CEST by David Walser
Modified: 2020-08-23 18:10 CEST (History)
3 users (show)

See Also:
Source RPM: iperf-3.1.2-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2016-06-20 19:44:51 CEST
Fedora has issued an advisory on June 17:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DE6NEEUEC3XI62GE2MB2EK5BUCZ6MCP/

According to this ESNET advisory:
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc

The issue is fixed upstream in versions 3.1.3 and 3.0.12.

Mageia 5 is also affected.
David Walser 2016-06-20 19:45:02 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Sander Lepik 2016-06-29 20:39:22 CEST
I have uploaded a updated package for Mageia 5 and submitted push request for cauldron.

I don't know how to test it, just make sure it works :)

Suggested advisory:
========================

Updated iperf packages fix security vulnerability:

A malicious process can connect to an iperf server and, by sending a
malformed message on the control channel, corrupt the server process's
heap area.  This can lead to a crash (and a denial of service), or
theoretically a remote code execution as the user running the iperf
server.  A malicious iperf server could potentially mount a similar
attack on an iperf client.


References:
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
========================

Updated packages in core/updates_testing:
========================
lib(64)iperf0-3.0.12-1.mga5
lib(64)iperf-devel-3.0.12-1.mga5
iperf-3.0.12-1.mga5

Source RPMs: 
iperf-3.0.12-1.mga5.src.rpm

Assignee: mageia => qa-bugs

Comment 2 David Walser 2016-06-29 22:54:53 CEST
Suggested advisory:
========================

Updated iperf packages fix security vulnerability:

A malicious process can connect to an iperf server and, by sending a
malformed message on the control channel, corrupt the server process's
heap area.  This can lead to a crash (and a denial of service), or
theoretically a remote code execution as the user running the iperf
server.  A malicious iperf server could potentially mount a similar
attack on an iperf client (CVE-2016-4303).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4303
https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DE6NEEUEC3XI62GE2MB2EK5BUCZ6MCP/

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 3 Dave Hodgins 2016-07-05 16:18:10 CEST
Testing complete on Mageia 5 x86_64, just testing that it works.

On machine 1, "iperf3 -s".

On machine 2, "iperf3 -c 192.168.10.101" (the ip address of machine 1).

Both systems show the transfer rates.

Advisory committed to svn, validating the update.

CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA5-64-OK advisory
Keywords: (none) => validated_update

Comment 4 Mageia Robot 2016-07-05 17:48:03 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0235.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

ovile wade 2020-08-23 17:59:45 CEST

CC: (none) => sunyydv999


Note You need to log in before you can comment on or make changes to this bug.