oss-sec mailing list archives
Re: CVE Request: zeromq downgrade attack
From: cve-assign () mitre org
Date: Thu, 21 May 2015 10:16:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://github.com/zeromq/libzmq/issues/1273 https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51 https://www.debian.org/security/2015/dsa-3255
Use CVE-2014-9721.
// Is the peer using ZMTP/1.0 with no revision number? if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) { if (session->zap_enabled ()) { // Reject ZMTP 1.0 connections if ZAP is enabled error (); if (greeting_recv [revision_pos] == ZMTP_1_0) { if (session->zap_enabled ()) { // Reject ZMTP 1.0 connections if ZAP is enabled error (); if (greeting_recv [revision_pos] == ZMTP_2_0) { if (session->zap_enabled ()) { // Reject ZMTP 1.0 connections if ZAP is enabled error ();
We think there is essentially only one vulnerability, and it was fixed by that commit, but it is somewhat confusing because of an apparent typo in a comment. Shouldn't the "== ZMTP_2_0" test have a "Reject ZMTP 2.0" comment? - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVXehxAAoJEKllVAevmvmsbfgH/2jRFmbbcvY3qV4yGoEhupxS xiI4z5Emf7dgQ/J06/qK4EBCBbr4UfWD9MlEWPOJF1jC5x4ILz7R44nfLtNwvv+H weBUUI7VcCIbzs4/aIhznHExz849e9ze2wQLURaZ+v9d7tuc9QpTGfDdOqI/Mu7h 9LKrZPKmbbx6HyQVZVCf3UETiNeSndbmF/Up8A8QPIkBDDUUNiigZTj3JRXCUyuP 3MtLHGECAg5+qst2CPaLgdp64CTRinHzNXffF6kOS71CaqPPj4O5sbUAaLQBEHsw cyvTGsFyoM2NaefGnlG06Snk7EEfANwX9whCoQneHDNDK0Fr/L5sCwd+BYdQzlI= =rSCR -----END PGP SIGNATURE-----
Current thread:
- CVE Request: zeromq downgrade attack Alessandro Ghedini (May 07)
- Re: CVE Request: zeromq downgrade attack Salvatore Bonaccorso (May 10)
- Re: CVE Request: zeromq downgrade attack Alessandro Ghedini (May 15)
- Re: CVE Request: zeromq downgrade attack cve-assign (May 21)
- Re: CVE Request: zeromq downgrade attack Alessandro Ghedini (May 22)