Search This Blog

Showing posts with label DoS. Show all posts

CyRC Identifies Three Major DoS Flaws in Popular Open Source Message Brokers


Synopsys Cybersecurity Research Centre (CyRC) has warned organizations of easily triggered denial-of-service (DoS) vulnerabilities in three widely used open-source message brokers: RabbitMQ, EMQ X, and VerneMQ. 

A message broker is a software that enables applications, systems, and services to communicate with each other and exchange information by translating messages between formal messaging protocols. It is responsible for managing IoT devices like smart home hubs and door locks via common protocol: Message Queuing Telemetry Transport (MQTT). 

MQTT, first released in 1999 is responsible for managing oil pipelines and a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

“Message brokers can be the nerve center of a complex system. If the message broker isn't working, then the various components of the system cannot communicate. Whatever services are provided by that system are unavailable until the message broker is restored,” Jonathan Knudsen, the researcher who identified the vulnerabilities, told SecurityWeek. 

Jonathan Knudsen identified that specially crafted MQTT messages can cause excessive memory consumption in RabbitMQ (owned by VMware), EMQ X, and VerneMQ, leading to the operating system terminating the application.

“These vulnerabilities can be exploited by any system that has access to the message broker. The broker can be configured to require authentication or refuse connections from unrecognized endpoints which would limit external attacks. But for an attacker with access to one of the vulnerable message brokers, the vulnerabilities can be exploited simply by delivering a badly formed network packet, which can be done with a very simple script,” Knudsen explained.

According to EMQ, its message broker has been installed more than 2 million times and it has over 5,000 users globally. RabbitMQ claims to have tens of thousands of users, including small startups and large enterprises. VerneMQ is used by companies such as Microsoft, Volkswagen, Siemens, and Swisscom.

Knudsen and CyRC privately disclosed the flaws to the project maintainers back in March, and all three have now been patched. RabbitMQ users are advised to upgrade to version 3.8.16 or above; EMQ X users to version 4.2.8 or above, and VerneMQ users to version 1.12.0 or above.

Critical Security Vulnerability Patched By VMware

VMware Inc. a publicly-traded software company recently fixed a critical security vulnerability that permitted the malicious attackers to access sensitive data.

The vulnerability as indicated by them resides in the VMware Directory Service (vmdir) which is a part of vCenter Server version 6.7 on Windows and virtual appliances. Known and tracked as CVE-2020-3952, it is evaluated as critical and gets a CVSSv3 score of 10.

In certain conditions, the vmdir doesn't actualize appropriate security controls, which permits attackers with network access to get to the sensitive data.

By utilizing the obtained information the attacker can compromise vCenter Server or various other services that rely upon vmdir for authentication.

In March VMware tended to high severity privilege escalation and DoS in the Workstation, Fusion, VMware Remote Console and Horizon Client and furthermore published KB article 78543 for additional details if a vCenter Server 6.7 deployment is influenced in any way.

 It is recommended for the user on the off chance that they are utilizing vCenter Server version 6.7, to update with 6.7u3f to fix the aforementioned critical vulnerability.

Here is the example log to check with influenced deployments.

2020-04-06T17:50:41.860526+00:00 data vmdird t@139910871058176: leg tendon MODE: Heritage  

VMware lastly mentioned that “Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.”