aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#926: SROS2 leaks node information, regardless of rtps_protection_kind setup #926

Open vmayoral opened 4 years ago

vmayoral commented 4 years ago
{
    "id": 926,
    "title": "RVD#926: SROS2 leaks node information, regardless of rtps_protection_kind setup",
    "type": "vulnerability",
    "description": "We found that regardless of the rtps_protection_kind configuration, SROS 2 leaks ROS 2 node-related information. SROS2 provides the tools to generate and distribute keys for ROS 2 and use the underlying security plugins of DDS from ROS 2. This flaw follows from RVD#922 (https://github.com/aliasrobotics/RVD/issues/922) and exposes the underlying problem in the security tooling of ROS 2 that apparently leads to node information disclosure. At the time of reporting, this issue has been confirmed with FastRTPS DDS implementation as the underlying communication middleware of ROS 2.",
    "cwe": "CWE-200 (Information Exposure)",
    "cve": "CVE-2019-19627",
    "keywords": [
        "Robot Operating System 2",
        "ROS 2",
        "eloquent",
        "dashing"
    ],
    "system": "ros2",
    "vendor": "",
    "severity": {
        "rvss-score": 6.5,
        "rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:Z/S:U/C:N/I:N/A:H/H:N",
        "severity-description": "high",
        "cvss-score": 7.5,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
    },
    "links": [
        "https://ros-swg.github.io/ROSCon19_Security_Workshop/",
        "https://github.com/ros-swg/turtlebot3_demo",
        "https://github.com/aliasrobotics/RVD/issues/922",
        "https://github.com/ros2/sros2/issues/172",
        "https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd"
    ],
    "flaw": {
        "phase": "runtime-operation",
        "specificity": "ROS-specific",
        "architectural-location": "platform code",
        "application": "any ROS 2 node communicating",
        "subsystem": "cognition:middleware",
        "package": "sros2",
        "languages": "Python",
        "date-detected": null,
        "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "detected-by-method": "runtime detection",
        "date-reported": "2019-12-06",
        "reported-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "reported-by-relationship": "security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/926",
        "reproducibility": "always",
        "trace": "N/A",
        "reproduction": "https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd",
        "reproduction-image": "Not available"
    },
    "exploitation": {
        "description": "A simple use of ros2cli allows to exploit this flaw. See https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd for a walkthrough.",
        "exploitation-image": "Not available",
        "exploitation-vector": "Not available"
    },
    "mitigation": {
        "description": "Ongoing discussion. For now, it's recommended to use static endpoints and avoid dynamic discovery to mitigate this flaw.",
        "pull-request": "https://github.com/ros2/sros2/issues/172 (issue, not PR)",
        "date-mitigation": ""
    }
}
vmayoral commented 4 years ago

Updated the mitigation.