Date: Thu, 9 Aug 2012 12:01:45 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections Just a heads up to advise those shipping qpid-cpp of the following flaw: In the AMQP messaging scheme implementation each broker can have both, direct connections and shadow connections. A shadow connection represents a connection to another broker in the cluster. Members use shadow connections to simulate the actions of other brokers, so that all members arrive at the same time. Output for shadow connections is just discarded, brokers only send data to their directly-connected clients. A security flaw was found in the way the Qpid C++ libraries implementation, used by AMQP client applications to exchange messages with an AMQP message broker using the AMQP protocol, performed authentication for certain shadow connections. An AMQP client application could issue a phoney shadow connection to the AMQP broker, leading into situation that AMQP broker to consider the connection it to be a legitimate connection from another AMQP broker, subsequently using NullAuthenticator mechanism for authentication, allowing the AMQP client application to bypass the authentication. This has been assigned the name CVE-2012-3467. References: https://issues.apache.org/jira/browse/QPID-3849 http://svn.apache.org/viewvc?view=revision&revision=1352992 https://bugzilla.redhat.com/show_bug.cgi?id=836276 Also, as a aide note, this affects (possibly Red Hat-specific naming convention) the qpid-cpp-server-cluster package, other qpid packages are not affected. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ