We have published an accompanying blog post to this technical advisory with further information: German version with less technical details as an overview: http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstellen.html English version containing more detailed attack scenario descriptions: http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html SEC Consult Vulnerability Lab Security Advisory < 20170630-0 > ======================================================================= title: Multiple critical vulnerabilities product: OSCI-Transport library 1.2 for German e-Government vulnerable version: 1.6.1 fixed version: 1.7.1 CVE number: CVE-2017-10668 (Padding Oracle) CVE-2017-10669 (Signature Wrapping) CVE-2017-10670 (XXE) impact: Critical homepage: http://www.xoev.de found: 01/2017 by: Wolfgang Ettlinger (Office Vienna) Marc Nimmerrichter (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "Mit der Spezifikation des Protokolls OSCI-Transport in der Version 1.2 wird ein sicheres, herstellerunabhängiges und interoperables Datenaustauschformat beschrieben. Um die Implementierung für Anwender in der öffentlichen Verwaltung sowie der Fachverfahrenshersteller zu erleichtern, wird die OSCI 1.2 Bibliothek angeboten: Die Bibliothek implementiert OSCI-Transport in der Version 1.2 und ist damit unabhängig von Fachinhalten. Sie ist Bestandteil der OSCI-Transport Infrastruktur. Die OSCI-Transport-Bibliothek soll in Fachverfahren (auf Verwaltungsseite) oder Clientsystemen (auf Kundenseite) implementiert werden." URL: http://www.xoev.de/die_standards/osci_transport/osci_transport_1_2/osci_1_2_bibliothek-2310 Business recommendation: ------------------------ During a short security test, SEC Consult found several severe security vulnerabilities in the OSCI 1.2 Transport library. The OSCI 1.2 Transport library is intended to provide a secure message exchange channel over an untrusted network (i.e. the Internet) for German government agencies for eGovernment. However, SEC Consult found that multiple vulnerabilities allow attackers to decrypt encrypted messages as well as modify signed messages. Moreover, a vulnerability can be used to read arbitrary files from any host that implements the OSCI 1.2 transport protocol using this library. SEC Consult recommends KoSIT and its partners to _immediately_ stop using the OSCI 1.2 Transport library over untrusted networks. Moreover, a forensic investigation should be conducted on all affected systems to investigate whether the vulnerabilities have been exploited in the past. The library should only be used again after a thorough source code security review has been conducted and all vulnerabilities have been fixed. It is quite likely that further vulnerabilities exist as there are indications for potential XML injection flaws. Vulnerability overview/description: ----------------------------------- 1) External Entity Injection (XXE) [CVE-2017-10670] By sending manipulated XML data to any communication partner, an attacker is able to conduct an XXE attack on the receiving system. This attack allows an attacker to read arbitrary files from the file system of the victim host or to conduct a denial of service attack. 2) Padding Oracle Attack [CVE-2017-10668] The OCSI 1.2 Transport library only supports the following encryption algorithms: * http://www.w3.org/2001/04/xmlenc#tripledes-cbc * http://www.w3.org/2001/04/xmlenc#aes128-cbc * http://www.w3.org/2001/04/xmlenc#aes192-cbc * http://www.w3.org/2001/04/xmlenc#aes256-cbc All of these algorithms are no longer recommended by the W3C: "Note: Use of AES GCM is strongly recommended over any CBC block encryption algorithms as recent advances in cryptanalysis [...] have cast doubt on the ability of CBC block encryption algorithms to protect plain text when used with XML Encryption" (https://www.w3.org/TR/xmlenc-core1/) Since the supported cipher algorithms do not provide protection against modification (malleability) and the library reveals in an error message whether decryption failed (error code 9202), SEC Consult was able to conduct a padding oracle attack. This attack allows an attacker to bypass transport encryption. 3) Signature Wrapping attack [CVE-2017-10669] By moving XML elements within the document tree, a signature wrapping attack can be conducted. This allows an attacker to modify the contents of a signed message arbitrarily without invalidating the signature. 4) Definition of a Deserialization Gadget A class in the library defines the method readObject() that is used by Java to deserialize a stream into an object. This method uses an XML parser to achieve this. However, the XML parser used is configured to resolve external entities. Therefore, an attacker who can influence data that deserialized by an application can conduct an XXE attack (see finding 1). Please note that the OSCI-Transport library only needs to be in the classpath of an application - the vulnerable application does not need to actually use the OSCI-Transport library! In order for this vulnerability to be exploitable, an application needs to deserialize data that can be influenced by an attacker. Proof of concept: ----------------- Due to the important role of the OSCI-Transport library in German e-Governemnt we refrain from publishing proof of concept code at this time. Vulnerable / tested versions: ----------------------------- The OSCI 1.2 Transport library (osci-bibliothek.jar) in version 1.6.1 was found to be vulnerable. This was the latest version at the time of discovery. Vendor contact timeline: ------------------------ 2017-01-16: Contacting CERT-Bund for coordination support with vendor and German government agencies 2017-01-23: CERT-Bund informed us that vendor has been contacted; vulnerability has been discussed; vendor wants to fix vulnerabilities as soon as possible 2017-02-10: Requesting status update from CERT-Bund 2017-02-20: Received statement from Governikus detailing their risk estimation based on an in-depth analysis of the vulnerabilities 2017-03-06: Proposing conference call to coordinate release of the advisory 2017-03-23: Conference call with BSI, Governikus, KoSIT; Discussing risks and mitigating factors; advisory release date set for 2017-06-30; fixed version has already been released 2017-03-31: Sending conference call protocol all participants 2017-04-07: Sending document with a list of all known potential attack scenarios to BSI and Governikus 2017-06-07: Sending preliminary advisory to Governikus 2017-06-21: Sending updated list of known potential attack scenarios to BSI and Governikus (XXE In-band scenario added) 2017-06-23: Coordinating advisory release with BSI 2017-06-30: Public release of the advisory Solution: --------- SEC Consult recommends to upgrade to the patched version of the OSCI Library (1.7.1) as soon as possible. Workaround: ----------- None available Advisory URL: ------------- https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab SEC Consult Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/Career.htm Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/About/Contact.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult EOF W. Ettlinger, M. Nimmerrichter / @2017
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature