OpenStack Object Storage (swift)

[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)

Series havana
Bug #1265665

Bug #1265665 reported by Samuel Merritt on 2014-01-02

256

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack Object Storage (swift)	Fix Released	Undecided	Unassigned	OpenStack Object Storage (swift) 1.12.0
Grizzly	Fix Committed	Undecided	Unassigned
Havana	Fix Committed	Undecided	Unassigned
OpenStack Security Advisory	Fix Released	Medium	Thierry Carrez

Bug Description

Swift's TempURL middleware compares a user-submitted string (HMAC digest) against a list of valid strings to determine whether or not to allow access to an object. The string comparison uses Python's builtin string comparison, which short-circuits evaluation on the first differing character, which may let an attacker perform timing analysis.

The attached patch changes the string comparison to be constant-time.

CVE References

2014-0006

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-02:

Use streq_const_time for hash comparison Edit (1.3 KiB, text/plain)

Revision history for this message

John Dickinson (notmyname) wrote on 2014-01-03:

+2 looks good to me

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-01-03:

For what verson of swift was the TempURL middleware introduced (assuming this vulnerability was introduced along with it)?

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-03:

Looks like TempURL came in with Swift 1.4.6, which was released in Feb 2012.

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-01-03:

Okay, so that means Essex from an integrated release perspective? In that case we're going to need stable/grizzly and stable/havana series tasks and backport patches.

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-03:

That means create a backport for 1.8.0 (stable/grizzly) and 1.10.0 (stable/havana)

Changed in ossa:
status:	New → Confirmed

Thierry Carrez (ttx) on 2014-01-03

Changed in ossa:
importance:	Undecided → Medium

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-03:

1.10.0-patch.diff Edit (2.3 KiB, text/plain)

Patch for 1.10

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-03:

1.8.0-patch.diff Edit (1.6 KiB, text/plain)

Patch for 1.8.0

Thierry Carrez (ttx) on 2014-01-06

Changed in swift:
status:	New → In Progress

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-06:

Proposed impact description:

----------------------------------------------------------
Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Description:
Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to files that were only intended to be publicly shared with specific recipients. Only Swift setups enabling the TempURL middleware are affected.
----------------------------------------------------------

Changed in ossa:
status:	Confirmed → Triaged
assignee:	nobody → Thierry Carrez (ttx)

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-01-06:

#10

That impact description looks fine to me. Would it help at all (from a risk identification perspective) to point out that this exploit involves identifying objects at random, and so poses additional hurdles for any sort of targeted attack (needle in haystack situation)?

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-06:

#11

I think that yes, it would be helpful to mention that an object name must already be known in order to use this attack.

Also, the object's account must have a TempURL key set (X-Account-Meta-Temp-URL-Key or X-Account-Meta-Temp-URL-Key-2) in order for this to work; without that, there are no valid signatures at all, so no amount of timing analysis will help.

Revision history for this message

clayg (clay-gerrard) wrote on 2014-01-07:

#12

Patches all checkout for me. I didn't attempt a timing attack but the changes seem reasonable. +2

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-07:

#13

New version

----------------------------------------------------------
Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Description:
Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to objects that were only intended to be publicly shared with specific recipients. In order to use this attack, the attacker needs to know the targeted object name, and the object account needs to have a TempURL key set. Only Swift setups enabling the TempURL middleware are affected.
----------------------------------------------------------

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-01-07:

#14

Thierry's updated impact description in comment #13 looks good.

Revision history for this message

Samuel Merritt (torgomatic) wrote on 2014-01-07:

#15

Text looks good to me.

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-09:

#16

CVE requested

Changed in ossa:
status:	Triaged → In Progress

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-10:

#17

CVE-2014-0006

summary:

- Possible timing attack against tempurl
+ Possible timing attack against tempurl (CVE-2014-0006)

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-10: Re: Possible timing attack against tempurl (CVE-2014-0006)

#18

@John, Samuel: how about we set the coordinated disclosure date to Thursday, January 16th ? That gives us a few days to merge it and make it part of Swift 1.12.0

Revision history for this message

John Dickinson (notmyname) wrote on 2014-01-10:

#19

Thierry's plan is good +1

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-10:

#20

pre-OSSA sent
Proposed public disclosure date/time: Thursday, January 16, 1500UTC.

Changed in ossa:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-01-16

Changed in swift:
milestone:	none → 1.12.0

Thierry Carrez (ttx) on 2014-01-16

information type:

Private Security → Public Security

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-17: Fix merged to swift (master)

#21

Reviewed: https://review.openstack.org/67185
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=754633988931e4095530f6b13389c254096eb485
Submitter: Jenkins
Branch: master

commit 754633988931e4095530f6b13389c254096eb485
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:40:53 2014 +0100

Use constant time comparison in tempURL

Use constant time comparison when evaluating tempURL to avoid timing
attacks (CVE-2014-0006).

Fixes bug 1265665

Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Changed in swift:
status:	In Progress → Fix Committed

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-01-17: Re: Possible timing attack against tempurl (CVE-2014-0006)

#22

[OSSA 2014-002]

summary:

- Possible timing attack against tempurl (CVE-2014-0006)
+ [OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)

Thierry Carrez (ttx) on 2014-01-22

Changed in swift:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-25: Fix merged to swift (stable/havana)

#23

Reviewed: https://review.openstack.org/67186
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=b2c61375b3255486adb2900922a894dc7dad3c6d
Submitter: Jenkins
Branch: stable/havana

commit b2c61375b3255486adb2900922a894dc7dad3c6d
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:44:23 2014 +0100

Use constant time comparison in tempURL

    Use constant time comparison when evaluating tempURL to avoid timing
    attacks (CVE-2014-0006). This is the havana backport of the master
    patch.

Fixes bug 1265665

Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-25: Fix merged to swift (stable/grizzly)

#24

Reviewed: https://review.openstack.org/67187
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=c0eed792a22865b280f99cbb79076fa7ad19fcbb
Submitter: Jenkins
Branch: stable/grizzly

commit c0eed792a22865b280f99cbb79076fa7ad19fcbb
Author: Samuel Merritt <email address hidden>
Date: Thu Jan 16 13:45:52 2014 +0100

Use constant time comparison in tempURL

    Use constant time comparison when evaluating tempURL to avoid timing
    attacks (CVE-2014-0006). This is the grizzly backport of the master
    patch.

Fixes bug 1265665

Change-Id: I11e4ad83cc4077e52adf54a0bd0f9749294b2a48

Thierry Carrez (ttx) on 2014-01-27