We discovered a possible Downgrade Attack in libnbd.

Lifecycle
---------

Reported: 2019-09-14
Fixed: 2019-09-16
Published: 2019-09-16

There is no CVE number assigned for this issue yet, but the bug is being
categorized and processed by Red Hat's security team, which may result in
a CVE being published later.

Description
-----------

Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE), which is
documented to let a client refuse to connect to a server that is not
using TLS encryption. However, if the server uses the oldstyle protocol,
a flaw in libnbd meant that the client would proceed with an unencrypted
connection without warning. An attacker, perhaps acting as a
man-in-the-middle, can offer the oldstyle protocol rather than the
newstyle protocol in an effort to coerce the client into sending
plaintext data over the network that the client thought would be
secured.

Workarounds
-----------

It is recommended to upgrade to a fixed version of libnbd (see next
section). However, if this cannot be done, a client can test after
connection whether the server also supports extension features that
require the newstyle protocol, and thus be sure that an oldstyle server
did not thwart encryption. Either of the following extension tests will
prove that a newstyle server is present (unfortunately, this does not
help for a newstyle server that supports neither extension):

- nbd_can_df(h) returns true.

- The client requested nbd_add_meta_context(h, context) prior to
  connection, and nbd_can_meta_context(h, context) returns true; the
  most commonly supported context is LIBNBD_CONTEXT_BASE_ALLOCATION.

Test if libnbd is vulnerable
----------------------------

Run the following command (tested with nbdkit 1.12 or newer):

  $ nbdsh -c 'h.set_tls(nbd.TLS_REQUIRE)' \
          -c 'h.connect_command(["nbdkit", "-o", "-s", "null"])' \
          -c 'print(h.get_size())'

If the command succeeds and prints 0, then libnbd is vulnerable.
The correct behavior is to fail with an error that the connection was
not possible due to the server lacking encryption support.

Fixes
-----

This affects all stable versions of libnbd. A fix is available for 1.0
and the current development version:

* development branch (1.1)
  https://github.com/libguestfs/libnbd/commit/cca3b10fea96a349a9d718cc92f4216e44944216
  or use libnbd >= 1.1.2 from
  http://download.libguestfs.org/libnbd/1.1-development/

* stable branch 1.0
  https://github.com/libguestfs/libnbd/commit/19217810ce4467cc8b3671a2797e110b3e19e6c4
  or use libnbd >= 1.0.2 from
  http://download.libguestfs.org/libnbd/1.0-stable/

Credit
------

Discovered by Eric Blake <[email protected]>

Eric Blake (1):
  security: states: Fail oldstyle servers when tls==2

 generator/states-oldstyle.c | 10 ++++++++++
 tests/oldstyle.c            | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)
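The following is an added example, not libnbd's code or part of the advisory. It shows the two points above in runnable form: why a client that asked for LIBNBD_TLS_REQUIRE must abort as soon as it sees an oldstyle greeting (the Description section), and the post-connection extension check from the Workarounds section. The handshake magic values are taken from the NBD protocol specification; the sample greetings, the StubHandle class and the function names tls_policy_allows and confirm_newstyle are constructed for this example. confirm_newstyle also accepts a real libnbd nbd.NBD handle, since it only calls can_df() and can_meta_context().

```python
"""Added example (not libnbd's code): why a TLS_REQUIRE client must reject
an oldstyle NBD server, plus the post-connection workaround from the
advisory.  Handshake constants come from the NBD protocol specification;
the sample greetings and the stub handle are constructed for this example."""
import struct

NBDMAGIC = b"NBDMAGIC"                # first 8 bytes of every server greeting
OLDSTYLE_MAGIC = 0x00420281861253     # oldstyle "cliserv_magic": no option phase
NEWSTYLE_MAGIC = 0x49484156454F5054   # newstyle "IHAVEOPT": option phase follows

# Same numbering as libnbd's nbd_set_tls() modes (LIBNBD_TLS_REQUIRE == 2,
# which is the "tls==2" in the fix's commit title).
TLS_DISABLE, TLS_ALLOW, TLS_REQUIRE = 0, 1, 2

# libnbd spells this context LIBNBD_CONTEXT_BASE_ALLOCATION; its value is:
BASE_ALLOCATION = "base:allocation"


def classify_greeting(data):
    """Return 'oldstyle' or 'newstyle' from the first 16 bytes a server sends."""
    if len(data) < 16 or data[:8] != NBDMAGIC:
        raise ValueError("not an NBD server greeting")
    (magic,) = struct.unpack(">Q", data[8:16])
    if magic == OLDSTYLE_MAGIC:
        return "oldstyle"
    if magic == NEWSTYLE_MAGIC:
        return "newstyle"
    raise ValueError("unknown handshake magic 0x%016x" % magic)


def tls_policy_allows(greeting, tls_mode):
    """True if a client configured with tls_mode may continue this handshake.

    Oldstyle servers skip option negotiation entirely, so NBD_OPT_STARTTLS can
    never be sent and the session is plaintext by construction.  A client that
    required TLS must therefore abort here (fixed libnbd fails the connect);
    the vulnerable behaviour was to carry on as if TLS_ALLOW had been set.
    """
    style = classify_greeting(greeting)
    if style == "oldstyle":
        return tls_mode != TLS_REQUIRE
    return True  # newstyle: STARTTLS can still be negotiated, so continue


def confirm_newstyle(h, context=BASE_ALLOCATION):
    """Workaround for unfixed libnbd, run after nbd_connect_*() has returned.

    h is any connected handle exposing can_df() and can_meta_context(ctx),
    e.g. a libnbd nbd.NBD object on which add_meta_context(context) was called
    before connecting.  Both capabilities exist only in the newstyle protocol,
    so True proves an oldstyle server did not thwart encryption; False is
    inconclusive (a newstyle server may simply lack both extensions).
    """
    return bool(h.can_df() or h.can_meta_context(context))


# ---- constructed sample data (not captured from a real server) ---------------

def oldstyle_greeting(export_size):
    """Oldstyle greeting: magic, cliserv_magic, size, 32-bit flags, 124 zero bytes."""
    return NBDMAGIC + struct.pack(">QQI", OLDSTYLE_MAGIC, export_size, 0) + b"\0" * 124


def newstyle_greeting(handshake_flags=0x0003):
    """Newstyle greeting: magic, IHAVEOPT, 16-bit handshake flags."""
    return NBDMAGIC + struct.pack(">QH", NEWSTYLE_MAGIC, handshake_flags)


class StubHandle:
    """Stand-in for a connected nbd.NBD handle so the workaround runs offline."""

    def __init__(self, df, contexts=()):
        self._df = df
        self._contexts = set(contexts)

    def can_df(self):
        return self._df

    def can_meta_context(self, ctx):
        return ctx in self._contexts


if __name__ == "__main__":
    old, new = oldstyle_greeting(0), newstyle_greeting()
    print("oldstyle + TLS_REQUIRE ->", tls_policy_allows(old, TLS_REQUIRE))  # False
    print("oldstyle + TLS_ALLOW   ->", tls_policy_allows(old, TLS_ALLOW))    # True
    print("newstyle + TLS_REQUIRE ->", tls_policy_allows(new, TLS_REQUIRE))  # True
    print("workaround, base:allocation only ->",
          confirm_newstyle(StubHandle(False, [BASE_ALLOCATION])))            # True
```

The decision in tls_policy_allows is the one the fix moves into libnbd's oldstyle handshake state; confirm_newstyle is what an application stuck on an unfixed release can do instead, with the same limitation the advisory notes: a False result only means the check was inconclusive, not that the server was oldstyle.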
