Vulnerabilities > CVE-2017-7652
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-D305559481.NASL description Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120818 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120818 title Fedora 28 : mosquitto (2018-d305559481) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-d305559481. # include("compat.inc"); if (description) { script_id(120818); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-7651", "CVE-2017-7652"); script_xref(name:"FEDORA", value:"2018-d305559481"); script_name(english:"Fedora 28 : mosquitto (2018-d305559481)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d305559481" ); script_set_attribute( attribute:"solution", value:"Update the affected mosquitto package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7652"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mosquitto"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"mosquitto-1.4.15-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mosquitto"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-E03A17FA61.NASL description Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-04-03 plugin id 108792 published 2018-04-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108792 title Fedora 26 : mosquitto (2018-e03a17fa61) NASL family Fedora Local Security Checks NASL id FEDORA_2018-AD652798B8.NASL description Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-04-03 plugin id 108791 published 2018-04-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108791 title Fedora 27 : mosquitto (2018-ad652798b8) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4325.NASL description It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 118408 published 2018-10-26 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118408 title Debian DSA-4325-1 : mosquitto - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1334.NASL description CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption. CVE-2017-7652 In case all sockets/file descriptors are exhausted, a SIGHUP signal to reload the configuration could result in default config values (especially bad security settings) For Debian 7 last seen 2020-03-17 modified 2018-04-02 plugin id 108768 published 2018-04-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108768 title Debian DLA-1334-1 : mosquitto security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1409.NASL description CVE-2017-7651 fix to avoid extraordinary memory consumption by crafted CONNECT packet from unauthenticated client CVE-2017-7652 in case all sockets/file descriptors are exhausted, this is a fix to avoid default config values after reloading configuration by SIGHUP signal For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 110818 published 2018-07-02 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110818 title Debian DLA-1409-1 : mosquitto security update
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=530102
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=530102
- https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html
- https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
- https://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
- https://www.debian.org/security/2018/dsa-4325
- https://www.debian.org/security/2018/dsa-4325