Message-Id: <18957144-3F90-4803-AA90-53D6900BDD80@sigma-star.at>
Date: Sat, 7 Sep 2024 12:54:44 +0200
From: David Gstir <david@...ma-star.at>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92

## Summary

The user-space iSCSI target daemon of the Linux target framework (tgt) uses an insecure random number generator to generate CHAP authentication challenges. This results in predictable challenges, which an attacker capable of recording network traffic between iSCSI target and initiator can abuse to bypass CHAP authentication by replaying previous responses.

- *Identifier:* sigma-star-sa-2024-001
- *Type of vulnerability (CWE):* Use of cryptographically weak pseudo-random number generator ([CWE-338](https://cwe.mitre.org/data/definitions/338.html))
- *Vendor:* -
- *Product/Software:* [The Linux target framework (tgt)](https://github.com/fujita/tgt)
- *Affected versions:* <= 1.0.92
- *Fixed versions:* 1.0.93
- *CVE ID:* CVE-2024-45751

## Affected Product and Vendor

> The Linux target framework (tgt) is a user space SCSI target framework that
> supports the iSCSI and iSER transport protocols and that supports multiple
> methods for accessing block storage. Tgt consists of user-space daemon and tools.

Source: https://github.com/fujita/tgt/blob/e393a80b02b8cb90709c75f9bd91542ea3a78d58/README.md

## Description

`tgt` supports CHAP for authenticating initiators. As defined in the [CHAP specification](https://datatracker.ietf.org/doc/html/rfc1994#section-2), the target generates a random challenge and sends it to the initiator. `tgt` fails to use a cryptographically secure random number generator for this. Instead it simply uses the [`rand()`](https://man7.org/linux/man-pages/man3/srand.3.html) call without setting a seed using `srand()` first. Thus the default seed (equivalent to `srand(1)`) will be used.
This results in a predictable sequence of numbers being returned by subsequent calls to `rand()`. Note that even though `tgt` generates a random length for each challenge, this does not affect the predictability of challenges, as these lengths are also generated from the predictable output of `rand()`.

```c
static int chap_initiator_auth_create_challenge(struct iscsi_connection *conn)
{
	char *value, *p;
	char text[CHAP_CHALLENGE_MAX * 2 + 8];
	static int chap_id;
	int i;

	[...]

	/*
	 * FIXME: does a random challenge length provide any benefits security-
	 * wise, or should we rather always use the max. allowed length of
	 * 1024 for the (unencoded) challenge?
	 */
	/* rand() is never seeded via srand(), so both the length chosen here and
	 * the challenge bytes below follow the fixed srand(1) sequence on every
	 * start of the daemon. */
	conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
	conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size);
	if (!conn->auth.chap.challenge)
		return CHAP_TARGET_ERROR;

	/* Hex-encode the challenge into the "0x..." text form sent as CHAP_C. */
	p = text;
	strcpy(p, "0x");
	p += 2;
	for (i = 0; i < conn->auth.chap.challenge_size; i++) {
		conn->auth.chap.challenge[i] = rand();
		sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
		p += 2;
	}
	text_key_add(conn, "CHAP_C", text);

	return 0;
}
```

Source: https://github.com/fujita/tgt/blob/v1.0.92/usr/iscsi/chap.c#L333

## Impact

An attacker who is able to record network traffic between iSCSI target and initiator can apply a replay attack to bypass the CHAP authentication. All the attacker has to do is wait for the server or the service to restart and replay a previously recorded CHAP session which fits into the sequence. Having bypassed CHAP authentication, an attacker has full user privileges and can modify the iSCSI target at will within those user privileges.

## Mitigation

We recommend replacing the pseudo-random number generator (`rand()`) with `getrandom()`, as this will yield cryptographically secure pseudo-random numbers fitting for CHAP challenges. Version 1.0.93 contains this fix.
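To make the mitigation concrete, the following added example (written for this advisory, not code from `tgt` or its 1.0.93 patch) places the vulnerable challenge generator beside a `getrandom()`-based one and lets you verify the difference: the `rand()` variant yields byte-for-byte identical challenges after every "restart", the `getrandom()` variant does not. The `srand(1)` call, the `fill_random()` helper and the function names are assumptions of this example; `CHAP_CHALLENGE_MAX = 1024` follows the FIXME comment in the quoted source.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

#define CHAP_CHALLENGE_MAX 1024   /* raw challenge bound named in tgt's chap.c */

/* Fill buf with n bytes from the kernel CSPRNG. getrandom() may return
 * short for requests larger than 256 bytes, so loop. Returns 0 on success. */
static int fill_random(unsigned char *buf, size_t n)
{
	size_t done = 0;
	while (done < n) {
		ssize_t r = getrandom(buf + done, n - done, 0);
		if (r < 0)
			return -1;
		done += (size_t)r;
	}
	return 0;
}

/* Vulnerable pattern (tgt <= 1.0.92): length and bytes both come from an
 * unseeded rand(). srand(1) here models a freshly started daemon, whose
 * first rand() call behaves exactly as if srand(1) had been called. */
size_t weak_challenge_after_restart(unsigned char *out, size_t cap)
{
	size_t i, len;
	srand(1);
	len = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
	if (len > cap)
		len = cap;
	for (i = 0; i < len; i++)
		out[i] = (unsigned char)rand();
	return len;
}

/* Hardened pattern: length and bytes come from getrandom().
 * Returns 0 (no challenge) if the kernel CSPRNG is unavailable. */
size_t secure_challenge(unsigned char *out, size_t cap)
{
	unsigned int r;
	size_t len;
	if (fill_random((unsigned char *)&r, sizeof r) != 0)
		return 0;
	len = (r % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
	if (len > cap)
		len = cap;
	return fill_random(out, len) == 0 ? len : 0;
}

/* 1 if two challenges are identical, i.e. a recorded response would still fit. */
int challenges_equal(const unsigned char *a, size_t alen,
		     const unsigned char *b, size_t blen)
{
	return alen == blen && memcmp(a, b, alen) == 0;
}
```

A `secure_challenge()` return value of 0 must be treated as an authentication error rather than falling back to `rand()`.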
## Patches

- https://github.com/fujita/tgt/pull/67/commits/abd8e0d987ab56013d360077202bf2aca20a42dd (chap: Use proper entropy source)

## Disclosure Timeline

- 2024-09-03: Vulnerability disclosed to vendor
- 2024-09-04: Patch submitted to vendor and version 1.0.93 released by vendor
- 2024-09-07: Advisory published

## Credits

- Richard Weinberger ([sigma star gmbh](https://sigma-star.at))
- David Gstir ([sigma star gmbh](https://sigma-star.at))