** Description changed: - This issue is being treated as a potential security risk under embargo. - Please do not make any public mention of embargoed (private) security - vulnerabilities before their coordinated publication by the OpenStack - Vulnerability Management Team in the form of an official OpenStack - Security Advisory. This includes discussion of the bug or associated - fixes in public forums such as mailing lists, code review systems and - bug trackers. Please also avoid private disclosure to other individuals - not already approved for access to this information, and provide this - same reminder to those who are made aware of the issue prior to - publication. All discussion should remain confined to this private bug - report, and any proposed fixes should be added to the bug as - attachments. - It looks like the Swift proxy will leak memory if the connection is closed and the full response is not read. This opens for a potential DoS attacks. Reproduce: $ swift -A http://localhost:8888/auth/v1.0 -U .. -K .. upload --use-slo --segment-size 1048576 <container> <big-file> $ curl -H'X-Auth-Token: AUTH_...' "http://localhost:8888/v1/AUTH_../<container>/<big-file>" -m 0.001 > /dev/null Repeat the curl command a couple of times and you will have more information in netstat and sockstat. The important part is the -m which sets the max time curl spends at downloading. After that point, it'll close the connection. $ sudo netstat -ant -p | grep :6000 $ cat /proc/net/sockstat tcp 0 0 127.0.0.1:6000 0.0.0.0:* LISTEN 1358/python tcp 0 43221 127.0.0.1:6000 127.0.0.1:48350 FIN_WAIT1 - tcp 0 43221 127.0.0.1:6000 127.0.0.1:48882 FIN_WAIT1 - tcp 939820 0 127.0.0.1:48350 127.0.0.1:6000 ESTABLISHED 17897/python tcp 939820 0 127.0.0.1:48882 127.0.0.1:6000 ESTABLISHED 17890/python tcp 983041 0 127.0.0.1:48191 127.0.0.1:6000 CLOSE_WAIT 17897/python tcp 983041 0 127.0.0.1:48948 127.0.0.1:6000 CLOSE_WAIT 17892/python Restarting the proxy frees up the lingering memory. This problem did not exist in 2.2.0. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: swift 2.2.2-0ubuntu1~cloud0 [origin: Canonical] ProcVersionSignature: Ubuntu 3.16.0-48.64~14.04.1-generic 3.16.7-ckt15 Uname: Linux 3.16.0-48-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.12 Architecture: amd64 CrashDB: { "impl": "launchpad", "project": "cloud-archive", "bug_pattern_url": "http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml";, } Date: Tue Sep 8 09:55:05 2015 InstallationDate: Installed on 2015-06-22 (77 days ago) InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) PackageArchitecture: all SourcePackage: swift UpgradeStatus: No upgrade log present (probably fresh install)
** Information type changed from Private Security to Public Security ** Summary changed: - Swift proxy memory leak on unfinished read (CVE-2016-0738) + [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1493303 Title: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738) To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1493303/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
