Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/02/2013 03:58 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, Eric, Miroslav, vendors,
>
> GPSD upstream has released 3.9 version: [1]
> http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
>
>  correcting one denial of service problem [2]: A denial of service
> flaw was found in the way AIS driver packet parser of gpsd, a
> service daemon for mediating access to a GPS, processed certain 
> malformed packets. A remote attacker could provide a
> specially-crafted device input that, when processed would lead to
> gpsd's packet parser crash (gpsd daemon termination).
>
> References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=958717
>
> Candidate upstream patches [*]: [3]
> http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f
[4]
http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
> -- [*] Candidate because upstream #38511 is private currently: 
> http://savannah.nongnu.org/bugs/?38511 => hard to say if [3] is
> fixing this issue, or the DoS would be caused by the malformed
> packet crash / sample, as listed in [4].
>
> @Eric - Eric, could you please help us to solve this doubt? (which 
> of the patches is the correct one to fix the above mentioned DoS /
> security issue)
>
> Thanks: Goes to Miroslav Lichvar for bringing this one to my
> attention.
>
> Kurt, could you allocate a CVE identifier for this?
>
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team

Just a quick note, at least on Fedora when you plug in a USB GPS
device, by default the OS handles it, fires up gpsd. So with this you
could make a crash usb stick or something.

Please use CVE-2013-2038 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRgrAhAAoJEBYNRVNeJnmTH8UP/jLHRJHc60N5tyzUvPPVahza
jzIPKFvTZvGwsZ2Qw8Ai13W6IglezZWHKEjlJdDIQWrCfppw/9aOvbRYFlsj84dp
c86wiYG07eOk1btH+oNRK0sm1h3q3SmrzykNNC6bY3UmuG8JdmUhUc+O6QAOVAug
7ziIbYdAEM6AQlQfk+0NJ+0UlF91YXrcVN/AnbFkf07MOWgPEGQ6Gqh+FMuOsqE2
u5DfmXyLaywwXI96wtvym0LAE6+807u3E6Cb1dHQ2ZTBKAtFPq2kR9IGVxvz3TXd
OV0RZpImddkTrmfI1oxlM4sSAPk6++RWrkUpoMC90Y2ATCDlpshfenLs0rWP5e2p
HoVIWNagiOJeiYc1uMxptlA0GJUBetxJ+Fywc3QW04LGYk6eL2bYRm/xorSESEPU
31LjVvPL7SWEbUXrLQ+rB9Jun6xOxJc1Zfubq6aNBHfkB9oU/6vf9QFkCIXGXKoP
TpMYE/Ne6CfcRRalTIAXWm6Pzgm3oMOjlUOa9H4rs04T1pARKWp3d4cd1ZDXk1nZ
SW41fZdSpabmKFBUej5hb8x8FWadpprqkAhwCV5K32UVw07Ls56Hmp9BFknNdhWQ
F3fCAoaLVITqKAsiMvXrb7kMqsTZ+fSl/gGr3ExfLsXHctFYdWOlp+ckA4LQOCgN
DNBrg+pnk4rQpx6LBeyB
=Bn4W
-----END PGP SIGNATURE-----