[Pkg-samba-maint] Bug#813406: ctdb, raw sockets and CVE-2015-8543

Adi Kriegisch adi at kriegisch.at
Mon Feb 1 16:29:09 UTC 2016


Package: ctdb
Severity: grave
Tags: patch,upstream

Hi!

The kernel upgrade for CVE-2015-8543 showed a bug in CTDB that leads to a
broken cluster:
  | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
htons(IPPROTO_RAW) leads to 0xff00 which causes "-1 EINVAL (Invalid
argument)" because of CVE-2015-8543.
The fix for the issue is quite simple: remove IPPROTO_RAW; to make the fix
more consistent with what was used before, use IPPROTO_IP (which is 0).

Error messages related to this bug are:
  | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
  | common/system_common.c:89 failed to open raw socket (Invalid argument)
  | Could not find which interface the ip address is hosted on. can not release it
and 
  | common/system_linux.c:344 failed to open raw socket (Invalid argument)
As a result, IP addresses cannot be released and multiple nodes in the
cluster serve the same address, which obviously does not work.

Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=11705 and mailing
list conversation: https://lists.samba.org/archive/samba/2016-January/197389.html

-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ctdb_raw_socket-CVE-2015-8543.patch
Type: text/x-diff
Size: 1095 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20160201/00f027f4/attachment.patch>
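
Added example, not part of the original report or of the CTDB source: it shows why htons(IPPROTO_RAW) becomes 0xff00 on a little-endian host and why that value is rejected. The helper names are hypothetical, and proto_range_check() is an assumed model of the kernel fix (protocol must lie in 0..IPPROTO_MAX-1), not kernel code.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* What htons() returns for v on a little-endian (swap) or big-endian host. */
static uint16_t net_order16(uint16_t v, int little_endian)
{
    return little_endian ? (uint16_t)((v << 8) | (v >> 8)) : v;
}

static int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

/* Assumed model of the post-fix kernel check on socket()'s protocol
 * argument: 0 if it passes, EINVAL if outside 0..IPPROTO_MAX-1.
 * Passing here does not by itself mean socket() will succeed. */
static int proto_range_check(int protocol)
{
    return (protocol < 0 || protocol >= IPPROTO_MAX) ? EINVAL : 0;
}

int main(void)
{
    struct { const char *expr; int value; } rows[] = {
        { "htons(IPPROTO_RAW), this host", htons(IPPROTO_RAW) },
        { "htons(IPPROTO_RAW), little-endian", net_order16(IPPROTO_RAW, 1) },
        { "htons(IPPROTO_RAW), big-endian", net_order16(IPPROTO_RAW, 0) },
        { "IPPROTO_IP (host order)", IPPROTO_IP },
    };
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++)
        printf("%-36s 0x%04x  %s\n", rows[i].expr, (unsigned)rows[i].value,
               proto_range_check(rows[i].value) ? "EINVAL" : "in range");
    return 0;
}
```

On a big-endian host htons() is a no-op, so the byte-swapped value and the resulting EINVAL only show up on little-endian machines.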