oss-sec mailing list archives
Re: CVE Request: zeromq downgrade attack
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Fri, 22 May 2015 11:46:02 +0200
On Thu, May 21, 2015 at 10:16:53AM -0400, cve-assign () mitre org wrote:
> // Is the peer using ZMTP/1.0 with no revision number?
> if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
>     if (session->zap_enabled ()) {
>         // Reject ZMTP 1.0 connections if ZAP is enabled
>         error ();
>
> if (greeting_recv [revision_pos] == ZMTP_1_0) {
>     if (session->zap_enabled ()) {
>         // Reject ZMTP 1.0 connections if ZAP is enabled
>         error ();
>
> if (greeting_recv [revision_pos] == ZMTP_2_0) {
>     if (session->zap_enabled ()) {
>         // Reject ZMTP 1.0 connections if ZAP is enabled
>         error ();
>
> We think there is essentially only one vulnerability, and it was fixed by
> that commit, but it is somewhat confusing because of an apparent typo in a
> comment. Shouldn't the "== ZMTP_2_0" test have a "Reject ZMTP 2.0" comment?

Yes, I think that was due to a copy-paste error when backporting the patches.
The current git version has the correct comment [0].

Cheers

[0] https://github.com/zeromq/libzmq/blob/f03a78bbfc205e12591a256914c6d53cc57e9023/src/stream_engine.cpp#L609
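
The three tests quoted in the thread, combined into one stand-alone check so the downgrade rejection can be exercised on sample greetings. This is an added example, not code from libzmq or from the thread: check_greeting, the decision enum and the sample byte arrays are hypothetical, and the values ZMTP_1_0 = 0, ZMTP_2_0 = 1 and revision_pos = 10 are assumptions, since the thread does not show them.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumed values (not shown in the thread) for the names the quoted tests use.
enum { ZMTP_1_0 = 0, ZMTP_2_0 = 1 };
static const size_t revision_pos = 10;

enum decision { NEED_MORE, ACCEPT, REJECT };

// Hypothetical helper: decide what to do with the greeting bytes received so
// far. With ZAP enabled, the three cases from the quoted code are rejected:
// unversioned ZMTP/1.0, revision ZMTP_1_0 and revision ZMTP_2_0.
// ACCEPT only means the handshake may continue, not that the peer is trusted.
decision check_greeting (const uint8_t *g, size_t len, bool zap_enabled)
{
    if (len == 0)
        return NEED_MORE;
    bool legacy = g[0] != 0xff;        // no signature: ZMTP/1.0, no revision
    if (!legacy) {
        if (len < 10)
            return NEED_MORE;
        legacy = !(g[9] & 0x01);       // flag bit clear: also unversioned
    }
    if (!legacy) {
        if (len <= revision_pos)
            return NEED_MORE;          // revision byte not received yet
        legacy = g[revision_pos] == ZMTP_1_0 || g[revision_pos] == ZMTP_2_0;
    }
    return (legacy && zap_enabled) ? REJECT : ACCEPT;
}

// Constructed sample greetings (not captured traffic).
static const uint8_t unversioned[] = {0x01, 0x00};
static const uint8_t rev0[] = {0xff, 0, 0, 0, 0, 0, 0, 0, 1, 0x7f, 0};
static const uint8_t rev1[] = {0xff, 0, 0, 0, 0, 0, 0, 0, 1, 0x7f, 1};
static const uint8_t rev3[] = {0xff, 0, 0, 0, 0, 0, 0, 0, 1, 0x7f, 3};

int main ()
{
    const char *names[] = {"NEED_MORE", "ACCEPT", "REJECT"};
    printf ("unversioned, ZAP on : %s\n", names[check_greeting (unversioned, sizeof unversioned, true)]);
    printf ("revision 0,  ZAP on : %s\n", names[check_greeting (rev0, sizeof rev0, true)]);
    printf ("revision 1,  ZAP on : %s\n", names[check_greeting (rev1, sizeof rev1, true)]);
    printf ("revision 3,  ZAP on : %s\n", names[check_greeting (rev3, sizeof rev3, true)]);
    printf ("revision 1,  ZAP off: %s\n", names[check_greeting (rev1, sizeof rev1, false)]);
    return 0;
}
```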