Bug 1193998 - (CVE-2021-43310) VUL-0: CVE-2021-43310: keylime: Arbitrary Remote Code Execution via Unauthenticated Bootstrap Interface
Description Matthias Gerstner 2021-12-22 11:05:25 UTC
This bug is used to keep track of the keylime review report issue 2.c:

It looks like it is possible to simply post arbitrary new values for the U and
V key parts and provide a new configuration payload to the agent, only knowing
the agent's UUID. The agent's UUID can be public or semi-public information
like when `agent_uuid=hostname` is configured. From the Keylime paper [2,
section 3.2.2] it sounds like the UUID HMAC check is not considered a security
feature but only a sanity check:

> This provides the node with a quick check to determine if Kb is correct.

When `extract_payload_script=true` (default) and `payload_script=autorun.sh`
(default) are configured in `keylime.conf` then the provided payload will be
unzipped and a potentially contained `autorun.sh` script is executed with full
root privileges. Attached you can find a reproducer script `post_key.py` that
demonstrates the issue by creating a file `/tmp/evil` on the agent host by
only providing the agent hostname and UUID as input parameters.

Even if `payload_script` is disabled then the extraction of a ZIP file as
_root_ might result in a remote root exploit by extracting files outside of
the intended target directory. I did not test this variant of the attack
vector, though. Furthermore by providing a ZIP bomb as payload the agent
process can be subjected to a remote DoS through memory exhaustion.

Retrieving the full symmetric key previously stored in
`/var/lib/keylime/secure/derived_tci_key` should not be possible this way,
because when performing the bootstrap protocol, the previous data is removed
(`keylime_agent.py:242`). A skillful attacker might attempt to first compromise
the agent node and then wait for the tenant to re-deploy the agent using
authentic keys and payload. Should this happen then the attacker can obtain
the secret symmetric key from the compromised agent node after all.

Similar to issue b) I recommend somehow authenticating and cryptographically
securing this agent interface to prevent these attacks. As a hotfix disabling
the relevant configuration features should at least prevent the remote code
execution and memory exhaustion attack vectors. Setting non-predictable UUID
values can also help (but one should also consider item 3.a in this context).
Even then this interface still allows disrupting the operational state of the
agent host by simply overwriting its current configuration.

[3]: https://www.ll.mit.edu/sites/default/files/publication/doc/2018-04/2016_12_07_SchearN_ACSAC_FP.pdf
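
The two archive-handling risks named in the description (files extracted outside the intended target directory, and resource exhaustion from a ZIP bomb) can be contained by validating member paths and capping decompressed output. The following is an added example, not Keylime's code and not part of the report; the function name, exception class and limits are assumptions.

```python
import io
import os
import zipfile

MAX_MEMBERS = 64                   # assumed limit, tune to the expected payload
MAX_TOTAL_BYTES = 8 * 1024 * 1024  # assumed cap on total decompressed bytes
CHUNK = 64 * 1024


class UnsafePayload(Exception):
    """Raised when a payload archive violates the extraction policy."""


def safe_extract(zip_bytes, dest_dir):
    """Extract zip_bytes below dest_dir and return the list of written paths."""
    root = os.path.realpath(dest_dir)
    written, total = [], 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        if len(members) > MAX_MEMBERS:
            raise UnsafePayload("too many members")
        # Validate every member name before anything is written to disk.
        plan = []
        for info in members:
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise UnsafePayload(f"path escapes target: {info.filename!r}")
            plan.append((info, target))
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Stream in chunks and count the bytes actually produced, so a
            # highly compressed member cannot exhaust memory or disk.
            with zf.open(info) as src, open(target, "wb") as dst:
                while chunk := src.read(CHUNK):
                    total += len(chunk)
                    if total > MAX_TOTAL_BYTES:
                        raise UnsafePayload("decompressed size limit exceeded")
                    dst.write(chunk)
            written.append(target)
    return written
```

This only limits the damage a hostile archive can do during extraction; it does not address the unauthenticated interface itself or the execution of a contained script.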

Comment 1 Matthias Gerstner 2022-01-26 09:23:37 UTC
The issue has been confirmed by upstream and CVE-2021-43310 has been assigned.

The issue has been discovered in parallel by Thore Sommer, an upstream
developer who did a security review as well.

Comment 3 Matthias Gerstner 2022-01-28 09:31:17 UTC
The issue is public now via the following security advisory:

Comment 4 Gianluca Gabrielli 2022-02-18 09:52:46 UTC
Fixed in version 6.3.0 and both SLE-15-SP4 and Factory are updated.