ESnet Software Security Advisory
ESNET-SECADV-2023-0002

Topic:      iperf3 Server Denial of Service
Issued:     13 September 2023
Credits:    Jorge Sancho Larraz (Canonical)
Affects:    iperf-3.14 and earlier
Corrected:  iperf-3.15

I.   Background

iperf3 is a utility for testing network performance using TCP, UDP, and SCTP, running over IPv4 and IPv6. It uses a client/server model, where a client and server communicate the parameters of a test, coordinate the start and end of the test, and exchange results. This message exchange takes place over a TCP "control connection".

II.  Problem Description

The iperf3 server and client will, at various times, send data over the control connection that control the parameters, start and stop of a test, and result exchange. Many of these data have some expected length to them (whether fixed or variable). It is possible for a malicious or malfunctioning client to send less than the expected amount of data to the server. If this happens, the server will hang indefinitely waiting for the remainder (or until the connection gets closed). Because iperf3 is deliberately designed to service only one client connection at a time, this will prevent other connections to the iperf3 server.

III. Impact

A malicious or misbehaving process can connect to an iperf3 server and prevent other connections to the server indefinitely. This issue mainly applies to an iperf3 server that is reachable from some untrusted host or network, such as the public Internet. It might be possible for a malicious iperf3 server to mount a similar attack on an iperf3 client.

iperf2, an older version of the iperf utility, uses a different model of interaction between client and server, and is not affected by this issue.

IV.  Workaround

There is no workaround for this issue; however, as best practice dictates, iperf3 should not be run with root privileges, to minimize possible impact. Note that iperf3 was not designed to be a long-running server on the public Internet.

V.   Solution

Update iperf3 to a version containing the fix (i.e. iperf-3.15 or later).

VI.  Correction details

The bug causing this vulnerability has been fixed by the following commit in the esnet/iperf GitHub repository:

    master    5e3704dd850a5df2fb2b3eafd117963d017d07b4

All released versions of iperf3 issued on or after the date of this advisory incorporate the fix.

ESnet would like to thank Jorge Sancho Larraz (Canonical) for bringing this issue to our attention.

Security concerns with iperf3 can be submitted privately by sending an email to the developers at <ip...@es.net>.
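
The hang described in section II comes from a blocking read that waits for a fixed number of bytes on the control connection. The following C code is an added example, not iperf3's code and not the change made in the commit above: it bounds such a read with an overall deadline so that a peer which sends too little cannot hold the reader forever. The function names, the 16-byte message length and the 200 ms timeout are assumptions, and the peer is a constructed socketpair() endpoint.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long long now_ms(void) {            /* monotonic clock, milliseconds */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Read exactly `want` bytes; the deadline covers the whole message, not each
 * read(). Returns bytes read (< want means timeout or EOF), or -1 on error. */
ssize_t read_exact_deadline(int fd, void *buf, size_t want, int timeout_ms) {
    size_t got = 0;
    long long deadline = now_ms() + timeout_ms;
    while (got < want) {
        long long left = deadline - now_ms();
        if (left <= 0) break;                      /* deadline passed */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;                         /* nothing arrived in time */
        ssize_t n = read(fd, (char *)buf + got, want - got);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;                         /* peer closed */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed scenario: the peer sends `sent` bytes of an `expected`-byte
 * message, then stays connected and silent. Returns what the reader got. */
ssize_t simulate_short_sender(size_t sent, size_t expected, int timeout_ms) {
    static const char payload[64] = "constructed sample control message";
    char buf[64];
    int sv[2];
    if (sent > expected || expected > sizeof buf) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    ssize_t n = write(sv[1], payload, sent) == (ssize_t)sent
              ? read_exact_deadline(sv[0], buf, expected, timeout_ms) : -1;
    close(sv[0]); close(sv[1]);
    return n;
}

int main(void) {   /* exit status 0: the short message timed out after 4 bytes */
    return simulate_short_sender(4, 16, 200) == 4 ? 0 : 1;
}
```

A caller treats any return value below the expected length as a failed exchange and closes the connection, which frees a single-client server to accept the next one.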
_______________________________________________
Iperf-users mailing list
Iperf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iperf-users