what you don't know can hurt you

OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection

OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection
Posted Jun 30, 2017
Authored by Wolfgang Ettlinger, Marc Nimmerrichter | Site sec-consult.com

OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.

tags | advisory, vulnerability, xxe
advisories | CVE-2017-10668, CVE-2017-10669, CVE-2017-10670
MD5 | 852b54bfa71394caa84d2551937c6f52

OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection

Change Mirror Download
We have published an accompanying blog post to this technical advisory with
further information:
German version with less technical details as an overview:
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstellen.html

English version containing more detailed attack scenario descriptions:
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html


SEC Consult Vulnerability Lab Security Advisory < 20170630-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: OSCI-Transport library 1.2 for German e-Government
vulnerable version: 1.6.1
fixed version: 1.7.1
CVE number: CVE-2017-10668 (Padding Oracle)
CVE-2017-10669 (Signature Wrapping)
CVE-2017-10670 (XXE)
impact: Critical
homepage: http://www.xoev.de
found: 01/2017
by: Wolfgang Ettlinger (Office Vienna)
Marc Nimmerrichter (Office Vienna)
SEC Consult Vulnerability Lab

An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"Mit der Spezifikation des Protokolls OSCI-Transport in der Version 1.2 wird
ein sicheres, herstellerunabhA$?ngiges und interoperables Datenaustauschformat
beschrieben.

Um die Implementierung fA1/4r Anwender in der APffentlichen Verwaltung sowie der
Fachverfahrenshersteller zu erleichtern, wird die OSCI 1.2 Bibliothek angeboten:

Die Bibliothek implementiert OSCI-Transport in der Version 1.2 und ist damit
unabhA$?ngig von Fachinhalten. Sie ist Bestandteil der OSCI-Transport
Infrastruktur. Die OSCI-Transport-Bibliothek soll in Fachverfahren
(auf Verwaltungsseite) oder Clientsystemen (auf Kundenseite) implementiert
werden."

URL:
http://www.xoev.de/die_standards/osci_transport/osci_transport_1_2/osci_1_2_bibliothek-2310


Business recommendation:
------------------------
During a short security test, SEC Consult found several severe security
vulnerabilities in the OSCI 1.2 Transport library.

The OSCI 1.2 Transport library is intended to provide a secure message exchange
channel over an untrusted network (i.e. the Internet) for German government
agencies for eGovernment.

However, SEC Consult found that multiple vulnerabilities allow attackers to
decrypt encrypted messages as well as modify signed messages. Moreover, a
vulnerability can be used to read arbitrary files from any host that implements
the OSCI 1.2 transport protocol using this library.

SEC Consult recommends KoSIT and its partners to _immediately_ stop using the
OSCI 1.2 Transport library over untrusted networks. Moreover, a forensic
investigation should be conducted on all affected systems to investigate
whether the vulnerabilities have been exploited in the past.

The library should only be used again after a thorough source code security
review has been conducted and all vulnerabilities have been fixed. It is
quite likely that further vulnerabilities exist as there are indications for
potential XML injection flaws.


Vulnerability overview/description:
-----------------------------------
1) External Entity Injection (XXE) [CVE-2017-10670]
By sending manipulated XML data to any communication partner, an attacker is
able to conduct an XXE attack on the receiving system. This attack allows an
attacker to read arbitrary files from the file system of the victim host or to
conduct a denial of service attack.

2) Padding Oracle Attack [CVE-2017-10668]
The OCSI 1.2 Transport library only supports the following encryption
algorithms:
* http://www.w3.org/2001/04/xmlenc#tripledes-cbc
* http://www.w3.org/2001/04/xmlenc#aes128-cbc
* http://www.w3.org/2001/04/xmlenc#aes192-cbc
* http://www.w3.org/2001/04/xmlenc#aes256-cbc

All of these algorithms are no longer recommended by the W3C:
"Note: Use of AES GCM is strongly recommended over any CBC block encryption
algorithms as recent advances in cryptanalysis [...] have cast doubt on the
ability of CBC block encryption algorithms to protect plain text when used with
XML Encryption" (https://www.w3.org/TR/xmlenc-core1/)

Since the supported cipher algorithms do not provide protection against
modification (malleability) and the library reveals in an error message whether
decryption failed (error code 9202), SEC Consult was able to conduct a padding
oracle attack. This attack allows an attacker to bypass transport encryption.

3) Signature Wrapping attack [CVE-2017-10669]
By moving XML elements within the document tree, a signature wrapping attack can
be conducted. This allows an attacker to modify the contents of a signed message
arbitrarily without invalidating the signature.

4) Definition of a Deserialization Gadget
A class in the library defines the method readObject() that is used by Java to
deserialize a stream into an object. This method uses an XML parser to achieve
this. However, the XML parser used is configured to resolve external entities.
Therefore, an attacker who can influence data that deserialized by an
application can conduct an XXE attack (see finding 1).

Please note that the OSCI-Transport library only needs to be in the
classpath of an application - the vulnerable application does not need to
actually use the OSCI-Transport library! In order for this vulnerability to be
exploitable, an application needs to deserialize data that can be influenced by
an attacker.


Proof of concept:
-----------------
Due to the important role of the OSCI-Transport library in German e-Governemnt
we refrain from publishing proof of concept code at this time.


Vulnerable / tested versions:
-----------------------------
The OSCI 1.2 Transport library (osci-bibliothek.jar) in version 1.6.1 was found
to be vulnerable. This was the latest version at the time of discovery.


Vendor contact timeline:
------------------------
2017-01-16: Contacting CERT-Bund for coordination support with vendor and
German government agencies
2017-01-23: CERT-Bund informed us that vendor has been contacted; vulnerability
has been discussed; vendor wants to fix vulnerabilities as soon
as possible
2017-02-10: Requesting status update from CERT-Bund
2017-02-20: Received statement from Governikus detailing their risk estimation
based on an in-depth analysis of the vulnerabilities
2017-03-06: Proposing conference call to coordinate release of the advisory
2017-03-23: Conference call with BSI, Governikus, KoSIT; Discussing risks and
mitigating factors; advisory release date set for 2017-06-30; fixed
version has already been released
2017-03-31: Sending conference call protocol all participants
2017-04-07: Sending document with a list of all known potential attack scenarios
to BSI and Governikus
2017-06-07: Sending preliminary advisory to Governikus
2017-06-21: Sending updated list of known potential attack scenarios to BSI and
Governikus (XXE In-band scenario added)
2017-06-23: Coordinating advisory release with BSI
2017-06-30: Public release of the advisory


Solution:
---------
SEC Consult recommends to upgrade to the patched version of the OSCI Library
(1.7.1) as soon as possible.


Workaround:
-----------
None available


Advisory URL:
-------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF W. Ettlinger, M. Nimmerrichter / @2017

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    10 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close