[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)

Bug #1265665 reported by Samuel Merritt on 2014-01-02
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Undecided
Unassigned
Grizzly
Undecided
Unassigned
Havana
Undecided
Unassigned
OpenStack Security Advisory
Medium
Thierry Carrez

Bug Description

Swift's TempURL middleware compares a user-submitted string (HMAC digest) against a list of valid strings to determine whether or not to allow access to an object. The string comparison uses Python's builtin string comparison, which short-circuits evaluation on the first differing character, which may let an attacker perform timing analysis.

The attached patch changes the string comparison to be constant-time.

CVE References

John Dickinson (notmyname) wrote :

+2 looks good to me

Jeremy Stanley (fungi) wrote :

For what verson of swift was the TempURL middleware introduced (assuming this vulnerability was introduced along with it)?

Samuel Merritt (torgomatic) wrote :

Looks like TempURL came in with Swift 1.4.6, which was released in Feb 2012.

Jeremy Stanley (fungi) wrote :

Okay, so that means Essex from an integrated release perspective? In that case we're going to need stable/grizzly and stable/havana series tasks and backport patches.

Thierry Carrez (ttx) wrote :

That means create a backport for 1.8.0 (stable/grizzly) and 1.10.0 (stable/havana)

Changed in ossa:
status: New → Confirmed
Thierry Carrez (ttx) on 2014-01-03
Changed in ossa:
importance: Undecided → Medium
Samuel Merritt (torgomatic) wrote :

Patch for 1.10

Samuel Merritt (torgomatic) wrote :

Patch for 1.8.0

Thierry Carrez (ttx) on 2014-01-06
Changed in swift:
status: New → In Progress
Thierry Carrez (ttx) wrote :

Proposed impact description:

----------------------------------------------------------
Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Description:
Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to files that were only intended to be publicly shared with specific recipients. Only Swift setups enabling the TempURL middleware are affected.
----------------------------------------------------------

Changed in ossa:
status: Confirmed → Triaged
assignee: nobody → Thierry Carrez (ttx)
Jeremy Stanley (fungi) wrote :

That impact description looks fine to me. Would it help at all (from a risk identification perspective) to point out that this exploit involves identifying objects at random, and so poses additional hurdles for any sort of targeted attack (needle in haystack situation)?

Samuel Merritt (torgomatic) wrote :

I think that yes, it would be helpful to mention that an object name must already be known in order to use this attack.

Also, the object's account must have a TempURL key set (X-Account-Meta-Temp-URL-Key or X-Account-Meta-Temp-URL-Key-2) in order for this to work; without that, there are no valid signatures at all, so no amount of timing analysis will help.

clayg (clay-gerrard) wrote :

Patches all checkout for me. I didn't attempt a timing attack but the changes seem reasonable. +2

Thierry Carrez (ttx) wrote :

New version

----------------------------------------------------------
Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Description:
Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to objects that were only intended to be publicly shared with specific recipients. In order to use this attack, the attacker needs to know the targeted object name, and the object account needs to have a TempURL key set. Only Swift setups enabling the TempURL middleware are affected.
----------------------------------------------------------

Jeremy Stanley (fungi) wrote :

Thierry's updated impact description in comment #13 looks good.

Samuel Merritt (torgomatic) wrote :

Text looks good to me.

Thierry Carrez (ttx) wrote :

CVE requested

Changed in ossa:
status: Triaged → In Progress
Thierry Carrez (ttx) wrote :

CVE-2014-0006

summary: - Possible timing attack against tempurl
+ Possible timing attack against tempurl (CVE-2014-0006)

@John, Samuel: how about we set the coordinated disclosure date to Thursday, January 16th ? That gives us a few days to merge it and make it part of Swift 1.12.0

John Dickinson (notmyname) wrote :

Thierry's plan is good +1

Thierry Carrez (ttx) wrote :

pre-OSSA sent
Proposed public disclosure date/time: Thursday, January 16, 1500UTC.

Changed in ossa:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2014-01-16
Changed in swift:
milestone: none → 1.12.0
Thierry Carrez (ttx) on 2014-01-16
information type: Private Security → Public Security

Reviewed: https://review.openstack.org/67185
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485
Submitter: Jenkins
Branch: master

commit 754633988931e4095530f6b13389c254096eb485
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:40:53 2014 +0100

    Use constant time comparison in tempURL

    Use constant time comparison when evaluating tempURL to avoid timing
    attacks (CVE-2014-0006).

    Fixes bug 1265665

    Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Changed in swift:
status: In Progress → Fix Committed

[OSSA 2014-002]

summary: - Possible timing attack against tempurl (CVE-2014-0006)
+ [OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)
Thierry Carrez (ttx) on 2014-01-22
Changed in swift:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/67186
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d
Submitter: Jenkins
Branch: stable/havana

commit b2c61375b3255486adb2900922a894dc7dad3c6d
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:44:23 2014 +0100

    Use constant time comparison in tempURL

    Use constant time comparison when evaluating tempURL to avoid timing
    attacks (CVE-2014-0006). This is the havana backport of the master
    patch.

    Fixes bug 1265665

    Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Reviewed: https://review.openstack.org/67187
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb
Submitter: Jenkins
Branch: stable/grizzly

commit c0eed792a22865b280f99cbb79076fa7ad19fcbb
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:45:52 2014 +0100

    Use constant time comparison in tempURL

    Use constant time comparison when evaluating tempURL to avoid timing
    attacks (CVE-2014-0006). This is the grizzly backport of the master
    patch.

    Fixes bug 1265665

    Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Thierry Carrez (ttx) on 2014-01-27
Changed in ossa:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers