qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash)     via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for     CVE-2015-0203. (CVE-2015-0224)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0707 advisory.

    Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating     Messaging, Real Time, and Grid functionality. It offers increased     performance, reliability, interoperability, and faster computing for     enterprise customers.

    MRG Messaging is a high-speed reliable messaging distribution for Linux     based on AMQP (Advanced Message Queuing Protocol), an open protocol     standard for enterprise messaging that is designed to make mission critical     messaging widely available as a standard service, and to make enterprise     messaging interoperable across platforms, programming languages, and     vendors.

    MRG Messaging includes AMQP messaging broker; AMQP client libraries for     C++, Java JMS, and Python; as well as persistence libraries and     management tools.

    It was discovered that the Qpid daemon (qpidd) did not restrict access to     anonymous users when the ANONYMOUS mechanism was disallowed.
    (CVE-2015-0223)

    A flaw was found in the way the Qpid daemon (qpidd) processed certain     protocol sequences. An unauthenticated attacker able to send a specially     crafted protocol sequence set that could use this flaw to crash qpidd.
    (CVE-2015-0203, CVE-2015-0224)

    Red Hat would like to thank the Apache Software Foundation for reporting     the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as     the original reporter.

    This update also fixes the following bugs:

    * Previously, the neutron messaging client rewrote (by method of     monkey-patching) the python selector module to support eventlet     threading. The rewritten client did not update select.poll() during this     process, which is used by qpid-python to manage I/O. This resulted in     poll() deadlocks and neutron server hangs. The fix introduces updates to     the python-qpid library that avoid calling poll() if eventlet threading is     detected. Instead, the eventlet-aware select() is called, which prevents     deadlocks from occurring and corrects the originally reported issue.
    (BZ#1175872)

    * It was discovered that the QPID Broker aborted with an uncaught     UnknownExchangeTypeException when the client attempted to request an     unsupported exchange type. The code for the Exchange Registry and Node     Policy has been improved to prevent this issue from happening again.
    (BZ#1186694)

    Users of the Messaging capabilities of Red Hat Enterprise MRG 3, which is     layered on Red Hat Enterprise Linux 6, are advised to upgrade to these     updated packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Rebuilt against qpid-proton 0.12.0.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated qpid-cpp packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol.

It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
(CVE-2015-0223)

Multiple flaws were found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use these flaws to crash qpidd. (CVE-2015-0203, CVE-2015-0224)

Red Hat would like to thank the Apache Software Foundation for reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter.

This update also fixes the following bug :

* Prior to this update, because message purging was performed on a timer thread, large purge events could have caused all other timer tasks to be delayed. Because heartbeats were also driven by a timer on this thread, this could have resulted in clients timing out because they were not receiving heartbeats. The fix moves expired message purging from the timer thread to a worker thread, which allow long-running expired message purges to not affect timer tasks such as the heartbeat timer. (BZ#1142833)

All users of Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages, which correct these issues.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0708 advisory.

    Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating     Messaging, Real Time, and Grid functionality. It offers increased     performance, reliability, interoperability, and faster computing for     enterprise customers.

    MRG Messaging is a high-speed reliable messaging distribution for Linux     based on AMQP (Advanced Message Queuing Protocol), an open protocol     standard for enterprise messaging that is designed to make mission critical     messaging widely available as a standard service, and to make enterprise     messaging interoperable across platforms, programming languages, and     vendors.

    MRG Messaging includes AMQP messaging broker; AMQP client libraries for     C++, Java JMS, and Python; as well as persistence libraries and     management tools.

    It was discovered that the Qpid daemon (qpidd) did not restrict access to     anonymous users when the ANONYMOUS mechanism was disallowed.
    (CVE-2015-0223)

    A flaw was found in the way the Qpid daemon (qpidd) processed certain     protocol sequences. An unauthenticated attacker able to send a specially     crafted protocol sequence set that could use this flaw to crash qpidd.
    (CVE-2015-0203, CVE-2015-0224)

    Red Hat would like to thank the Apache Software Foundation for reporting     the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as     the original reporter.

    This update also fixes the following bugs:

    * Previously, the neutron messaging client rewrote (by method of     monkey-patching) the python selector module to support eventlet     threading. The rewritten client did not update select.poll() during this     process, which is used by qpid-python to manage I/O. This resulted in     poll() deadlocks and neutron server hangs. The fix introduces updates to     the python-qpid library that avoid calling poll() if eventlet threading is     detected. Instead, the eventlet-aware select() is called, which prevents     deadlocks from occurring and corrects the originally reported issue.
    (BZ#1175872)

    * It was discovered that the QPID Broker aborted with an uncaught     UnknownExchangeTypeException when the client attempted to request an     unsupported exchange type. The code for the Exchange Registry and Node     Policy has been improved to prevent this issue from happening again.
    (BZ#1186694)

    Users of the Messaging capabilities of Red Hat Enterprise MRG 3, which is     layered on Red Hat Enterprise Linux 7, are advised to upgrade to these     updated packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0662 advisory.

    Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation     IT infrastructure for enterprise computing. MRG offers increased     performance, reliability, interoperability, and faster computing for     enterprise customers.

    The Qpid packages provide a message broker daemon that receives, stores and     routes messages using the open AMQP messaging protocol along with run-time     libraries for AMQP client applications developed using Qpid C++. Clients     exchange messages with an AMQP message broker using the AMQP protocol.

    It was discovered that the Qpid daemon (qpidd) did not restrict access to     anonymous users when the ANONYMOUS mechanism was disallowed.
    (CVE-2015-0223)

    Multiple flaws were found in the way the Qpid daemon (qpidd) processed     certain protocol sequences. An unauthenticated attacker able to send a     specially crafted protocol sequence set could use these flaws to crash     qpidd. (CVE-2015-0203, CVE-2015-0224)

    Red Hat would like to thank the Apache Software Foundation for reporting     the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as     the original reporter.

    This update also fixes the following bug:

    * Prior to this update, because message purging was performed on a timer     thread, large purge events could have caused all other timer tasks to be     delayed. Because heartbeats were also driven by a timer on this thread,     this could have resulted in clients timing out because they were not     receiving heartbeats. The fix moves expired message purging from the timer     thread to a worker thread, which allow long-running expired message purges     to not affect timer tasks such as the heartbeat timer. (BZ#1142833)

    All users of Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise     Linux 5 are advised to upgrade to these updated packages, which correct     these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated qpid-cpp packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol.

It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
(CVE-2015-0223)

Multiple flaws were found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use these flaws to crash qpidd. (CVE-2015-0203, CVE-2015-0224)

Red Hat would like to thank the Apache Software Foundation for reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter.

This update also fixes the following bug :

* Prior to this update, because message purging was performed on a timer thread, large purge events could have caused all other timer tasks to be delayed. Because heartbeats were also driven by a timer on this thread, this could have resulted in clients timing out because they were not receiving heartbeats. The fix moves expired message purging from the timer thread to a worker thread, which allow long-running expired message purges to not affect timer tasks such as the heartbeat timer. (BZ#1142833)

All users of Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages, which correct these issues.

ID	Name	Product	Family	Severity
218586	Linux Distros Unpatched Vulnerability : CVE-2015-0224	Nessus	Misc.	high
117467	RHEL 6 : qpid (RHSA-2015:0707)	Nessus	Red Hat Local Security Checks	high
89796	Fedora 23 : qpid-cpp-0.34-6.fc23 (2016-120b194a75)	Nessus	Fedora Local Security Checks	high
85704	RHEL 7 : MRG (RHSA-2015:0660)	Nessus	Red Hat Local Security Checks	high
82492	RHEL 7 : qpid (RHSA-2015:0708)	Nessus	Red Hat Local Security Checks	high
81728	RHEL 5 : qpid-cpp (RHSA-2015:0662)	Nessus	Red Hat Local Security Checks	high
81727	RHEL 6 : MRG (RHSA-2015:0661)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2015-0224

high

Tenable Plugins

high

high

high

high

high

high

high