|Summary:||CVE-2018-16875 golang: crypto/x509 allows for denial of service via crafted TLS client certificate|
|Product:||[Other] Security Response||Reporter:||Sam Fowler <sfowler>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||NEW ---||QA Contact:|
|Version:||unspecified||CC:||abhgupta, admiller, ahardin, amurdaca, bleanhar, bmontgom, ccoleman, dbaker, dbecker, dedgar, deparker, eparis, jburrell, jcajka, jgoulding, jjoyce, jokerman, jschluet, lemenkov, lhh, lpeer, mburns, mchappel, mmccomas, nstielau, renich, sclewis, security-response-team, sfowler, sisharma, slinaber, sponnaga, sthangav, tbielawa, trankin|
|Fixed In Version:||golang 1.10.6, golang 1.11.3||Doc Type:||If docs needed, set a value|
|Doc Text:||Story Points:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1659290, 1659910, 1659911, 1659912, 1660381, 1661490, 1661491, 1661492, 1661493, 1661494, 1661495, 1663371, 1663381, 1664332, 1732081, 1732082, 1732083, 1732084|
Description Sam Fowler 2018-12-10 01:01:23 UTC
Go before versions 1.10.6 and 1.11.3 is vulnerable to a denial of service in crypto/x509.
Comment 1 Sam Fowler 2018-12-10 01:04:25 UTC
Comment 2 Sam Fowler 2018-12-11 00:54:21 UTC
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Comment 4 Sam Fowler 2018-12-14 02:01:11 UTC
Acknowledgments: Name: Dmitri Shuralyov (the Go team)
Comment 5 Sam Fowler 2018-12-14 02:01:21 UTC
Created golang tracking bugs for this issue: Affects: fedora-all [bug 1659290]
Comment 6 Joshua Padman 2018-12-17 02:15:33 UTC
The Red Hat OpenStack Operational Tools repository for OpenStack 8 and OpenStack 9 contains a version of golang that is not affected by this vulnerability. Additionally, golang, as provided in this repository is not supported.
Comment 8 Paul Harvey 2018-12-18 09:00:37 UTC
openshift-enterprise-3.11: malicious requests against the API server can lead to excessive CPU consumption and Denial of Service. Red Hat Product Security will update this flaw regarding other currently supported OpenShift releases shortly.
Comment 10 Paul Harvey 2018-12-18 09:13:37 UTC
Adjusted CVSSv3 AC:H -> AC:L
Comment 11 Paul Harvey 2018-12-19 10:10:46 UTC
Created attachment 1515545 [details] "oc describe" availability/throughput during 50x requests w/pathological certs This data is truncated for brevity: the test was started some 10s of seconds prior to the beginning of this time series. The test consisted of 50x backgrounded kubectl invocations with pathological client certificates against all three api masters (150 invocations, however with only 1 vCPU to process them). The data was logged with: [master-2 ~]$ while true; do date=$(date); oc describe node master-0 >/dev/null && echo "$date ok" || echo "$date FAIL"; sleep 1; done
Comment 12 Paul Harvey 2018-12-19 10:14:13 UTC
Created attachment 1515546 [details] "oc describe" availability/throughput during 50x requests w/no certs The test consisted of 50x backgrounded kubectl invocations without client certificates against all three api masters (150 invocations, however with only 1 vCPU to process them). The data was logged with: [master-2 ~]$ while true; do date=$(date); oc describe node master-0 >/dev/null && echo "$date ok" || echo "$date FAIL"; sleep 1; done
Comment 13 Paul Harvey 2018-12-19 10:37:57 UTC
openshift-enterprise-3.11: could not make master nodes NotReady w/~50 simultaneous kubectl requests (albeit only 1x vCPU). However, it was possible to create intermittent API availability issues: - [attachment 1515545 [details]] shows api performance during 50 kubectl requests using pathological certificates. It goes from ~30 reqs/min (1s sleep after each request) down to ~2 reqs/min. It also shows intermittent failure "Unable to connect to the server: unexpected EOF", and "Unable to connect to the server: net/http: TLS handshake timeout" - [attachment 1515546 [details]] shows api performance during 50 kubectl requests without any --certificate option. It stays steady at ~33 reqs/min (1s sleep after each request) for the duration of the test, which completes in around 1:10s. The kubectl invocations return with "Error from server (Forbidden): services is forbidden: User "system:anonymous" cannot list services in the namespace "kube-system": no RBAC policy matched" (as the node conducting the test is not authenticated). More vCPUs or an optimized client for generating the requests with pathological certificates may have resulted in more disruption. Reproducer, chain 200 long: 2018/12/19 05:28:02 1m28.287529165s Reproducer, chain 2 long: 2018/12/19 05:31:47 41.003984ms One naive interpretation of 88.2875s vs 0.0410s = factor of 2153 increase in work which a potential attacker can cause in TLS authentication.
Comment 14 Sam Fowler 2018-12-20 04:02:36 UTC
Comment 25 Tomas Hoger 2019-01-08 13:38:15 UTC
Created golang tracking bugs for this issue: Affects: epel-all [bug 1664332] Created golang:1.10/golang tracking bugs for this issue: Affects: fedora-all [bug 1663381]
Comment 27 Huzaifa S. Sidhpurwala 2019-04-23 09:50:11 UTC
Statement: This issue affects the version of golang package in Red Hat Enterprise Linux 7. The golang package, previously available in the Optional channel, will no longer receive updates in Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead, which is available through the Red Hat Developer program. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/chap-red_hat_enterprise_linux-7.6_release_notes-deprecated_functionality_in_rhel7#idm139716309923696