Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove target i #2289

Merged
merged 3 commits into from
Dec 30, 2023
Merged

Remove target i #2289

merged 3 commits into from
Dec 30, 2023

Conversation

nicholasdille
Copy link
Contributor

No description provided.

Copy link

github-actions bot commented Dec 30, 2023

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/imgcrypt:1.1.9

📦 Image Reference ghcr.io/uniget-org/tools/imgcrypt:1.1.9
digestsha256:a1e808b259c8fda5237841943c0f5207d8161340257c88966a5cabcbab74aea0
vulnerabilitiescritical: 0 high: 0 medium: 3 low: 0 unspecified: 1
platformlinux/amd64
size26 MB
packages53
critical: 0 high: 0 medium: 1 low: 0 unspecified: 1github.com/go-jose/go-jose/v3 3.0.0 (golang)

pkg:golang/github.com/go-jose/go-jose/[email protected]

medium : GHSA--2c7c--3mj9--8fqh Uncontrolled Resource Consumption

Affected range<3.0.1
Fixed version3.0.1
Description

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service.

unspecified : GMS--2023--4575 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range
Fixed versionv3.0.1
Description

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service.

critical: 0 high: 0 medium: 1 low: 0 golang.org/x/crypto 0.14.0 (golang)

pkg:golang/golang.org/x/[email protected]

medium 5.9: CVE--2023--48795 Insufficient Verification of Data Authenticity

Affected range<0.17.0
Fixed version0.17.0
CVSS Score5.9
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Description

Summary

Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes.

Warning: To take effect, both the client and server must support this countermeasure.

As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available.

Details

The SSH specifications of ChaCha20-Poly1305 ([email protected]) and Encrypt-then-MAC (*[email protected] MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario.

The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers.

For more details see https://terrapin-attack.com.

Impact

This attack targets the specification of ChaCha20-Poly1305 ([email protected]) and Encrypt-then-MAC (*[email protected]), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.

critical: 0 high: 0 medium: 1 low: 0 github.com/containerd/containerd 1.6.23 (golang)

pkg:golang/github.com/containerd/[email protected]

medium : GHSA--7ww5--4wqc--m92c

Affected range<=1.6.25
Fixed version1.6.26
Description

/sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via sysfs. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.

By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kernel address space layout randomization). Also known as the PLATYPUS attack, Intel assigned CVE-2020-8694 and CVE-2020-8695, and AMD assigned CVE-2020-12912.

Several mitigations were applied; Intel reduced the sampling resolution via a microcode update, and the Linux kernel prevents access by non-root users since 5.10. However, this kernel-based mitigation does not apply to many container-based scenarios:

  • Unless using user namespaces, root inside a container has the same level of privilege as root outside the container, but with a slightly more narrow view of the system
  • sysfs is mounted inside containers read-only; however only read access is needed to carry out this attack on an unpatched CPU

While this is not a direct vulnerability in container runtimes, defense in depth and safe defaults are valuable and preferred, especially as this poses a risk to multi-tenant container environments. This is provided by masking /sys/devices/virtual/powercap in the default mount configuration, and adding an additional set of rules to deny it in the default AppArmor profile.

While sysfs is not the only way to read from the RAPL subsystem, other ways of accessing it require additional capabilities such as CAP_SYS_RAWIO which is not available to containers by default, or perf paranoia level less than 1, which is a non-default kernel tunable.

References

Copy link

Copy link

PR is blocked and can not be merged. See https://github.com/uniget-org/tools/actions/runs/7366452624.

@nicholasdille nicholasdille merged commit ba87a7e into main Dec 30, 2023
41 checks passed
@nicholasdille nicholasdille deleted the remove-target-i branch December 30, 2023 21:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant