Closed CiscoTalos closed 4 years ago
This is a bug where the IPv6 local address is not initialized when binding an IPv6 socket.
Thanks for catching it!
You're welcome. We will make note of the fix on our end via public disclosure.
Based on the closing of this ticket and comment acknowledging the fix, we will consider this issue resolved on your end and prepare for public disclosure.
This appears to be CVE-2019-5163.
@madeye @CiscoTalos What if I don't want to use AEAD ciphers? Obviously a better solution is to close the file descriptor (and better report_addr) instead of exiting.
TALOS-2019-0956 CVE-2019-5163
Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability
Summary
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Tested Versions
Shadowsocks-libev 3.3.2
Product URLs
https://shadowsocks.org/en/index.html
CVSSv3 Score
5.9 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-306: Missing Authentication for Critical Function
Details
Shadowsocks is a multi-platform and easy-to-use SOCKS proxy with a focus on censorship evasion, and thus highly popular in countries with restrictive internet policies. For the purposes of this advisory, we will be focusing on Shadowsocks-libev, a pure C implementation for lower-end and embedded devices.
For a basic use case and overview of Shadowsocks-libev, a setup like the following is required:
A given laptop or home network will have an ss-local instance which listens on a given port and then forwards all traffic out via a specific encryption method specified in a configuration file or command-line argument. Both the ss-local instance and ss-server must have the same parameters in order for the setup to work, and an example configuration file might look like:
To get more specific into what attack surface is being examined (since there are 2 ports for both ss-local and ss-remote), the [-_-]^ above designates the attack surface, the ss-server port that is accessible from the internet. Ideally, when a user has configured their browser of choice to use the Shadowsocks proxy, ss-local will read in the http or https request, encrypt it, and then send it off to the ss-server instance. The ss-server instance will decrypt the packet and then send it off to wherever it needs to go, which is specified in the message as either an ipv4, ipv6, or hostname.
It is very important to note that this particular vulnerability is only exploitable if three conditions are met.
First, ss-server must be using a stream cipher. Depending on the cipher mode chosen, encryption and decryption can be done many ways, but the most important decision is whether to use a stream cipher or an AEAD cipher. Normal stream ciphers only provide confidentiality and no sort of authentication or integrity checks, unlike the AEAD ciphers which provide all three. As mentioned in the documentation, it is recommended that users use AEAD ciphers whenever possible: https://shadowsocks.org/en/spec/AEAD-Ciphers.html, and this advisory will hopefully demonstrate another reason why.
The second precondition needed is that the user is using the UDPRelay functionality.
The third precondition is either that the local_address field is set in the shadowsocks configuration, or that ss-server is run with the -b <ip_address> flag. This option is used to prevent shadowsocks from sending decrypted traffic out interfaces that it shouldn't. Assuming that these three conditions (udprelay, local_address, stream cipher) are met, an attacker can spam arbitrary UDP data to the ss-server and it will exit on its own:
The code involved in this exit can be found around udprelay.c:380:
If the address given by the udp back matches that of the configuration option (in this case "127.0.0.1"), then all is fine:
But if the socket parameters passed are all 0, the error occurs:
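The following C sketch is an added illustration, not shadowsocks-libev's own udprelay.c code or anything from the advisory: it shows the defensive pattern the discussion above points to, zero-initialising the configured local_address for both IPv4 and IPv6 before it is compared, and turning a mismatch into a closed socket and an error return rather than a FATAL exit. The function names parse_local_address, addr_matches_local and check_relay_socket are hypothetical.

```c
/* Added example, not shadowsocks-libev code: keep the configured local_address in a
 * zeroed sockaddr_storage for IPv4 and IPv6, and treat a mismatch as a per-socket
 * error instead of a FATAL exit. All function names here are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a textual IPv4/IPv6 address into *out; returns the family or -1. */
int parse_local_address(const char *text, struct sockaddr_storage *out)
{
    memset(out, 0, sizeof *out); /* never leave family or address bytes unset */
    struct sockaddr_in *v4 = (struct sockaddr_in *)out;
    if (inet_pton(AF_INET, text, &v4->sin_addr) == 1) {
        v4->sin_family = AF_INET;
        return AF_INET;
    }
    struct sockaddr_in6 *v6 = (struct sockaddr_in6 *)out;
    if (inet_pton(AF_INET6, text, &v6->sin6_addr) == 1) {
        v6->sin6_family = AF_INET6;
        return AF_INET6;
    }
    return -1;
}

/* Compare family and address bytes only; ports and scope ids may differ. */
int addr_matches_local(const struct sockaddr_storage *got,
                       const struct sockaddr_storage *local)
{
    if (got->ss_family != local->ss_family) return 0;
    if (got->ss_family == AF_INET)
        return memcmp(&((const struct sockaddr_in *)got)->sin_addr,
                      &((const struct sockaddr_in *)local)->sin_addr,
                      sizeof(struct in_addr)) == 0;
    if (got->ss_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)got)->sin6_addr,
                      &((const struct sockaddr_in6 *)local)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/* On mismatch close this relay's socket and return -1 so the server keeps running. */
int check_relay_socket(int fd, const struct sockaddr_storage *got,
                       const struct sockaddr_storage *local)
{
    if (addr_matches_local(got, local)) return 0;
    if (fd >= 0) close(fd);
    return -1;
}
```

An all-zero sockaddr, the input that reaches the FATAL path in the advisory, simply fails addr_matches_local here and costs one relay socket rather than the whole ss-server process.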
Mitigation
Timeline
2019-11-08 - Vendor Disclosure
YYYY-MM-DD - Public Release