Bug 1213310 (CVE-2023-38200)

Summary: VUL-0: CVE-2023-38200: keylime: registrar is subject to a DoS against SSL connections
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372534/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-38200:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2023-07-14 07:19:31 UTC
CVE-2023-38200

The Keylime Registrar is subject to a DoS attack against its SSL connections because they are blocking and a fairly simple attack could exhaust all of the available connections.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38200
https://bugzilla.redhat.com/show_bug.cgi?id=2222692
Comment 2 Robert Frohl 2023-07-14 08:00:52 UTC
https://github.com/keylime/keylime/pull/1421
Comment 4 Robert Frohl 2023-08-02 08:15:59 UTC
Impact
Keylime registrar is prone to a simple denial of service attack in which an adversary opens a connection to the TLS port (by default, port 8891) blocking further, legitimate connections. As long as the connection is open, the registrar is blocked and cannot serve any further clients (agents and tenants), which prevents normal operation. The problem does not affect the verifier.

Patches
Users should upgrade to release 7.4.0

Credit
Reported by: Florian Kohnhäuser/@flozilla
Patched-by: Florian Kohnhäuser/@flozilla

https://github.com/keylime/keylime/security/advisories/GHSA-pg75-v6fp-8q59
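
The blocking behaviour described in the impact statement above can be reproduced with a small model. This is an added example, not Keylime's code or the upstream patch: it contrasts an accept loop that performs the TLS handshake itself with one that hands each connection to a worker thread under a handshake deadline. The function names, the 2-second deadline and the silent peer are assumptions constructed for the demonstration.

```python
import socket
import ssl
import threading
import time

def handshake(ctx, conn, timeout):
    conn.settimeout(timeout)          # None = wait for as long as the peer likes
    try:
        ctx.wrap_socket(conn, server_side=True).close()
    except OSError:                   # covers ssl.SSLError, timeouts and EOF
        conn.close()

def serve(listener, ctx, hardened, accepted):
    """Accept loop; `accepted` records every peer the loop has picked up."""
    while True:
        try:
            conn, peer = listener.accept()
        except OSError:
            return                    # listener was closed
        accepted.append(peer)
        if hardened:
            # Handshake runs off the accept loop with a deadline (assumed 2 s).
            threading.Thread(target=handshake, args=(ctx, conn, 2.0),
                             daemon=True).start()
        else:
            # Weak pattern: the accept loop itself waits on the peer.
            handshake(ctx, conn, None)

def accepted_while_stalled(hardened):
    """Count peers accepted while the first connection sends nothing."""
    # No certificate is loaded: no handshake in this model ever completes.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    listener = socket.create_server(("127.0.0.1", 0))
    accepted = []
    threading.Thread(target=serve, args=(listener, ctx, hardened, accepted),
                     daemon=True).start()
    addr = listener.getsockname()
    stalled = socket.create_connection(addr)   # constructed peer, stays silent
    time.sleep(0.3)
    second = socket.create_connection(addr)    # a later, legitimate client
    time.sleep(0.5)
    count = len(accepted)
    for s in (stalled, second, listener):
        s.close()
    return count

if __name__ == "__main__":
    print("handshake in accept loop:", accepted_while_stalled(False))
    print("handshake per connection:", accepted_while_stalled(True))
```

With the handshake in the accept loop, the second client is never picked up while the first connection stays open; with the per-connection handshake both are accepted and the silent one is dropped when the deadline expires.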
Comment 5 Alberto Planas Dominguez 2023-08-02 09:40:26 UTC
Update Factory and SUSE:SLE-15-SP4
Comment 7 Maintenance Automation 2023-08-08 20:30:14 UTC
SUSE-SU-2023:3245-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213310
CVE References: CVE-2023-38200
Sources used:
openSUSE Leap 15.4 (src): keylime-6.3.2-150400.4.17.1
openSUSE Leap 15.5 (src): keylime-6.3.2-150400.4.17.1
Basesystem Module 15-SP4 (src): keylime-6.3.2-150400.4.17.1
Basesystem Module 15-SP5 (src): keylime-6.3.2-150400.4.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.