2021-10-18 10:44:34 +00:00
|
|
|
From 6b9d4380df9bd0be91f49aad8c4f47b4e672adde Mon Sep 17 00:00:00 2001
|
|
|
|
From: Eric Blake <eblake@redhat.com>
|
|
|
|
Date: Mon, 16 Aug 2021 13:43:29 -0500
|
|
|
|
Subject: [PATCH] server: CVE-2021-3716 reset structured replies on starttls
|
|
|
|
|
|
|
|
https://nostarttls.secvuln.info/ pointed out a series of CVEs in
|
|
|
|
common implementation flaw in various SMTP and IMAP clients and
|
|
|
|
servers, all with a common thread of improperly caching plaintext
|
|
|
|
state across the STARTTLS encryption boundary; and recommended that
|
|
|
|
other protocols with a STARTTLS operation perform a similar audit.
|
|
|
|
|
|
|
|
It turns out that nbdkit has the same vulnerability in regards to the
|
|
|
|
NBD protocol: when nbdkit is run in opportunistic TLS mode, an
|
|
|
|
attacker is able to inject a plaintext NBD_OPT_STRUCTURED_REPLY before
|
|
|
|
proxying everything else a client sends to the server; if the server
|
|
|
|
then acts on that plaintext request (as nbdkit did before this patch),
|
|
|
|
then the server ends up sending structured replies to at least
|
|
|
|
NBD_CMD_READ, even though the client was assuming that the transition
|
|
|
|
to TLS has ruled out a MitM attack.
|
|
|
|
|
|
|
|
On the bright side, nbdkit's behavior on a second
|
|
|
|
NBD_OPT_STRUCTURED_REPLY was to still reply with success, so a client
|
|
|
|
that always requests structured replies after starting TLS sees no
|
|
|
|
difference in behavior (that is, qemu 2.12 and later are immune) (had
|
|
|
|
nbdkit given an error to the second request, that may have caused
|
|
|
|
confusion to more clients). And there is always the mitigation of
|
|
|
|
using --tls=require, which lets nbdkit reject the MitM message
|
|
|
|
pre-encryption. However, nbd-client 3.15 to the present do not
|
|
|
|
understand structured replies, and I have confirmed that a MitM
|
|
|
|
attacker can thus cause a denial-of-service attack that does not
|
|
|
|
trigger until the client does its first encrypted NBD_CMD_READ.
|
|
|
|
|
|
|
|
The NBD spec has been recently tightened to declare the nbdkit
|
|
|
|
behavior to be a security hole:
|
|
|
|
https://github.com/NetworkBlockDevice/nbd/commit/77e55378096aa
|
|
|
|
Fixes: eaa4c6e9a2c4bd (server: Minimal implementation of NBD Structured Replies.)
|
|
|
|
|
|
|
|
(cherry picked from commit 09a13dafb7bb3a38ab52eb5501cba786365ba7fd)
|
|
|
|
(cherry picked from commit 6185b15a81e6915734d678f0781e31d45a7941a1)
|
|
|
|
---
|
|
|
|
docs/nbdkit-security.pod | 11 +++++++++--
|
|
|
|
server/protocol-handshake-newstyle.c | 3 ++-
|
|
|
|
2 files changed, 11 insertions(+), 3 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/docs/nbdkit-security.pod b/docs/nbdkit-security.pod
|
|
|
|
index 3a28e54d..5a4e6da8 100644
|
|
|
|
--- a/docs/nbdkit-security.pod
|
|
|
|
+++ b/docs/nbdkit-security.pod
|
|
|
|
@@ -10,7 +10,7 @@ For how to report new security issues, see the C<SECURITY> file in the
|
|
|
|
top level source directory, also available online here:
|
|
|
|
L<https://github.com/libguestfs/nbdkit/blob/master/SECURITY>
|
|
|
|
|
|
|
|
-=head2 CVE-2019-14850
|
|
|
|
+=head2 CVE-2019-14850
|
|
|
|
denial of service due to premature opening of back-end connection
|
|
|
|
|
|
|
|
See the full announcement and links to mitigation, tests and fixes
|
|
|
|
@@ -26,6 +26,13 @@ See the full announcement and links to mitigation, tests and fixes
|
|
|
|
here:
|
|
|
|
https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
|
|
|
|
|
|
|
|
+=head2 CVE-2021-3716
|
|
|
|
+structured read denial of service attack against starttls
|
|
|
|
+
|
|
|
|
+See the full announcement and links to mitigation, tests and fixes
|
|
|
|
+here:
|
|
|
|
+https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html
|
|
|
|
+
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<nbdkit(1)>.
|
|
|
|
@@ -38,4 +45,4 @@ Richard W.M. Jones
|
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
-Copyright (C) 2013-2020 Red Hat Inc.
|
|
|
|
+Copyright (C) 2013-2021 Red Hat Inc.
|
|
|
|
diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
|
|
|
|
index 0a76a814..b94950e2 100644
|
|
|
|
--- a/server/protocol-handshake-newstyle.c
|
|
|
|
+++ b/server/protocol-handshake-newstyle.c
|
|
|
|
@@ -495,7 +495,8 @@ negotiate_handshake_newstyle_options (void)
|
|
|
|
return -1;
|
|
|
|
conn->using_tls = true;
|
|
|
|
debug ("using TLS on this connection");
|
|
|
|
- /* Wipe out any cached default export name. */
|
|
|
|
+ /* Wipe out any cached state. */
|
|
|
|
+ conn->structured_replies = false;
|
|
|
|
for_each_backend (b) {
|
|
|
|
struct handle *h = get_handle (conn, b->i);
|
|
|
|
free (h->default_exportname);
|
|
|
|
--
|
2022-02-07 18:05:07 +00:00
|
|
|
2.31.1
|
2021-10-18 10:44:34 +00:00
|
|
|
|