Synopsis
The remote Fedora host is missing a security update.
Description
TJ Fontaine of the Node.js project reports:
A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive `JSON.parse` calls and the parsed objects are significantly deep, you may experience the process aborting while parsing.
This issue was identified by Tom Steele of [Lift Security](https://liftsecurity.io/), and Fedor Indutny, Node.js Core Team member, worked closely with the V8 team to find our resolution.
The V8 issue is described here https://codereview.chromium.org/339883002
It has landed in the Node repository here:
https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356
And has been released in the following versions:
- [v0.10.30](http://nodejs.org/dist/v0.10.30) http://blog.nodejs.org/2014/07/31/node-v0-10-30-stable/
- [v0.8.28](http://nodejs.org/dist/v0.8.28) http://blog.nodejs.org/2014/07/31/node-v0-8-28-maintenance/
### The Fix
[Applied in this update.]
### Remediation
The best course of action is to patch or upgrade Node.js.
### Mitigation
To mitigate against deep JSON parsing you can limit the size of the string you parse against, or ban clients who trigger a `RangeError` for parsing JSON.
There is no specific maximum size of a JSON string, though keeping the max to the size of your known message bodies is suggested. If your message bodies cannot be over 20K, there's no reason to accept 1MB bodies.
For web frameworks that do automatic JSON parsing, you may need to configure the routes that accept JSON payloads to have a maximum body size.
- [expressjs](http://expressjs.com) and [krakenjs](http://krakenjs.com) used with the [body-parser](https://github.com/expressjs/body-parser#bodyparserjsonoptions) plugin accept a `limit` parameter in your JSON config
- [Hapi.js](http://hapijs.com) has `payload.maxBytes` https://github.com/spumko/hapi/blob/master/docs/Reference.md
- [restify](http://mcavage.me/node-restify/#Bundled-Plugins) bundled `bodyParser` accepts a `maxBodySize`
Source:
https://groups.google.com/d/msg/nodejs/-siJEObdp10/2xcqqmTHiEMJ
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
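The mitigation section above recommends capping the size of what you hand to `JSON.parse` and treating a `RangeError` from parsing as a reason to reject the client. The following is an added example of that check for a Node.js request body, not code from the advisory or from the Node.js project; the function names, the 20K default (taken from the advisory's illustration), the 32-level depth cap and the sample bodies are assumptions. It goes one step beyond the advisory by also pre-scanning the raw text for nesting depth, so a small but deeply nested body is rejected before the parser ever sees it.

```javascript
// Added example (not from the advisory): bounded JSON parsing for a Node.js
// request body. Size is checked before parsing, nesting depth is pre-scanned,
// and a RangeError raised by JSON.parse is reported as its own outcome so the
// caller can decide to ban the client, as the advisory suggests.
// Assumed names: parseJsonBounded, maxNestingDepth, MAX_BODY_BYTES.

const MAX_BODY_BYTES = 20 * 1024; // 20K, the size the advisory uses as an illustration

// Deepest nesting of [] / {} found by a linear scan of the raw text.
// String contents are skipped so that brackets inside "..." are not counted.
function maxNestingDepth(text) {
  let depth = 0, maxDepth = 0, inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inString) {
      if (c === '\\') i++;               // skip the escaped character
      else if (c === '"') inString = false;
    } else if (c === '"') {
      inString = true;
    } else if (c === '{' || c === '[') {
      if (++depth > maxDepth) maxDepth = depth;
    } else if (c === '}' || c === ']') {
      depth--;
    }
  }
  return maxDepth;
}

// Returns { ok: true, value } or { ok: false, reason } with reason one of
// 'too_large', 'too_deep', 'range_error' (candidate for banning) or 'invalid'.
function parseJsonBounded(body, { maxBytes = MAX_BODY_BYTES, maxDepth = 32 } = {}) {
  if (Buffer.byteLength(body, 'utf8') > maxBytes) return { ok: false, reason: 'too_large' };
  if (maxNestingDepth(body) > maxDepth) return { ok: false, reason: 'too_deep' };
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    if (err instanceof RangeError) return { ok: false, reason: 'range_error' };
    return { ok: false, reason: 'invalid' };   // SyntaxError: malformed body
  }
}

// Constructed sample bodies (not real traffic).
const SAMPLE_NORMAL = '{"user":"alice","tags":["a","[b]"]}';
const SAMPLE_DEEP = '['.repeat(1000) + ']'.repeat(1000);   // tiny in bytes, 1000 levels deep
const SAMPLE_HUGE = '"' + 'a'.repeat(30000) + '"';         // well-formed but over 20K
```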
Solution
Update the affected v8 package.
Plugin Details
File Name: fedora_2014-9095.nasl
Agent: unix
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:v8, cpe:/o:fedoraproject:fedora:20
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 8/1/2014