This week, we’ll discuss a few high-severity vulnerabilities in Linux kernel, Apache, and openssl.
ICMPv6 Denial of Service in Linux Kernel
CVE-2022-0742 allows anyone to send ICMPv6 messages of type 130 or 131 and exploit a memory leak in the kernel that causes the host to run out of memory. This vulnerability is noteworthy because an attacker can cause a denial of service for the entire system by sending only a few packets.
Root Cause – To find the root cause, the best place to look is the git commit history itself. The author of the fix initially found this while investigating why the function synchronize_net() was added inside of ipv6_mc_down(). The author of the commit found that igmp6_event_query() and igmp6_event_report() were dropping skbs, which are the data structures used by the linux kernel to hold information about packets. This vulnerability is still under analysis.
There are some caveats to this vulnerability:
- This does not affect any versions of Red Hat Enterprise Linux as the available kernels pre-date 5.13.
- The stable branch was affected.
The only possibility to fix this vulnerability is by updating the kernel. A patch to fix this vulnerability has already been applied upstream.
Apache Security Advisory
The vulnerability we will be primarily focusing on is CVE-2022-23943, but first we will quickly summarize the other CVEs in the advisory. The other vulnerabilities to come out in this advisory are CVE-2022-22720, a vulnerability that allows http requests smuggling. There is also CVE-2022-22721, which allows integer overflows on 32 bit systems if LimitXMLRequestBody in httpd.conf is greater than 350MB. CVE-2022-22719 causes a crash due to mod_lua having uninitialized variables.
mod_sed is an optional Apache module that is not installed or enabled by default on most Linux systems. It is used to replace text in web pages that Apache serves using a pattern, similar to how the sed command works.
CVE-2022-23943 is a memory corruption vulnerability that can cause a DoS. The memory corruption vulnerability comes from mod_sed. The exploit is triggered by sending large amounts of data through mod_sed filters. If the packet sent is larger than 2GB, a signed integer overflow will occur and cause a crash. If more than 4GB is sent then an integer overflow will also occur.
Root Cause – The root cause is from the function appendmem_to_linebuf when memcpy is called. The fix that was applied changed the buffer referenced in functions parameters to use apr_size_t instead of int. Apr_size_t allows for the use of a 4 byte signed int, and 8 bytes unsigned.
There are some caveats to this vulnerability:
- mod_sed is rarely used; and
- mod_sed needs to be manually installed and configured. It is usually not pulled in as a dependency for other packages.
The recommended remediations for this vulnerability include:
- Updating Apache to a version greater than 2.4.52
- Disabling mod_sed
A partial mitigation can be applied by setting LimitRequestBody 1073741824 in httpd.conf. However, this will only block malicious clients from sending a request greater than 2GB. An attacker may still be able to trigger mod_sed to read a file greater than 2GB, causing the exploit to occur.
Denial of Service in OpenSSL
OpenSSL is a library and command line program to manage, create, verify, and sign certificates. It is one of the oldest open source cryptography libraries and is used almost universally everywhere on linux systems.
OpenSSL uses the BN_mod_sqrt() function, which computes a modular square root. It contains a bug where non-prime moduli can loop forever. It is used in verifying certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. To craft a certificate to cause DoS, the attacker needs to modify a certificate that uses an elliptical curve with something like a hex editor to make it mathematically invalid.
Root Cause – The core of the vulnerability is in the parsing of EC keys with points in compressed format; while parsing this type of keys, OpenSSL will try to expand the compressed point, trying to compute a square root modulo the prime p over which the curve is defined. However, the primality of p is checked nowhere, not even in BN_mod_sqrt() for which it is a requirement; thus, a bug in the implementation will cause an infinite loop due to p not being prime as expected. The advisory for OpenSSL can be found here. Currently the patched versions are:
- OpenSSL 3.0.2
- OpenSSL 1.1.1n
- OpenSSL 1.0.2zd
Additionally, there are some caveats to successfully exploiting this vulnerability and the following conditions must be met:
- An attacker generates a certificate using elliptical curve cryptography with certain invalid parameters, or modifies an existing certificate.
- An attacker needs to get OpenSSL to verify the certificate, either through local access, or by providing it to a web application using mTLS that verifies user-provided certificates.