[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd



We discovered a possible Downgrade Attack in libnbd.

Lifecycle
---------

Reported: 2019-09-14  Fixed: 2019-09-16  Published: 2019-09-16

There is no CVE number assigned for this issue yet, but the bug is
being categorized and processed by Red Hat's security team which may
result in a CVE being published later.

Description
-----------

Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is
documented to let a client refuse to connect to a server that is not
using TLS encryption. However, if the server uses the oldstyle
protocol, a flaw in libnbd meant that the client would proceed with an
unencrypted connection without warning.

An attacker, perhaps acting as a man-in-the-middle, can proceed to
offer the oldstyle protocol rather than the newstyle protocol in an
effort to coerce the client to send plaintext data over the network
that the client thought would be secured.

Workarounds
-----------

It is recommended to upgrade to a fixed version of libnbd (see next
section).  However if this cannot be done, it is possible for a client
to test after connection whether the server also supports extension
features that require the newstyle protocol, and thus be sure that an
oldstyle server did not thwart encryption.  Either of the following
extension tests will prove that a newstyle server is present
(unfortunately, this does not help for a newstyle server that does not
support either extension):
- If nbd_can_df(h) returns true.
- If the client requests nbd_add_meta_context(h, context) prior to
connection, then nbd_can_meta_context(h, context) returns true; the
most commonly supported context is LIBNBD_CONTEXT_BASE_ALLOCATION.

Test if libnbd is vulnerable
----------------------------

Run the following command (tested with nbdkit 1.12 or newer):

$ nbdsh -c 'h.set_tls(nbd.TLS_REQUIRE)' \
  -c 'h.connect_command(["nbdkit", "-o", "-s", "null"])' \
  -c 'print(h.get_size())'

If the command succeeds and prints 0, then libnbd is vulnerable.  The
correct behavior is to fail with an error that the connection was not
possible due to the server lacking encryption support.

Fixes
-----

This affects all stable versions of libnbd.  A fix is available for
1.0 and the current development version:

* development branch (1.1)
  https://github.com/libguestfs/libnbd/commit/cca3b10fea96a349a9d718cc92f4216e44944216
  or use libnbdkit >= 1.1.2 from
  http://download.libguestfs.org/libnbd/1.1-development/

* stable branch 1.0
  https://github.com/libguestfs/libnbd/commit/19217810ce4467cc8b3671a2797e110b3e19e6c4
  or use nbdkit >= 1.0.2 from
  http://download.libguestfs.org/libnbd/1.0-stable/

Credit
------

Discovered by Eric Blake <eblake redhat com>


Eric Blake (1):
  security: states: Fail oldstyle servers when tls==2

 generator/states-oldstyle.c | 10 ++++++++++
 tests/oldstyle.c            | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)

-- 
2.21.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]