An gano wani mummunan rauni (CVE-2021-43527) a cikin NSS (Sabis na Tsaro na Yanar Gizo) na ɗakunan karatu da Mozilla suka haɓaka, wanda zai iya haifar da aiwatar da lambar maharin yayin sarrafa sa hannun dijital na DSA ko RSA-PSS da aka ƙayyade ta amfani da Hanyar rufaffiyar DER (Dokokin Rubutun Rarraba). An warware batun, mai suna BigSig, a cikin NSS 3.73 da NSS ESR 3.68.1. Ana samun sabuntawar fakiti a cikin rabawa don Debian, RHEL, Ubuntu, SUSE, Arch Linux, Gentoo, FreeBSD. Babu sabuntawa da akwai don Fedora tukuna.
Matsalar tana faruwa a aikace-aikacen da ke amfani da NSS don sarrafa CMS, S/MIME, PKCS #7 da PKCS #12 sa hannun dijital, ko lokacin tabbatar da takaddun shaida a aiwatar da TLS, X.509, OCSP da CRL. Rashin lahani na iya bayyana a cikin aikace-aikacen abokin ciniki da sabar daban-daban waɗanda ke tallafawa TLS, DTLS da S/MIME, abokan cinikin imel da masu kallon PDF waɗanda ke amfani da kiran NSS CERT_VerifyCertificate() don tabbatar da sa hannun dijital.
LibreOffice, Juyin Halitta da Evince an ambaci su azaman misalan aikace-aikace masu rauni. Mai yuwuwa, matsalar kuma na iya shafar ayyuka kamar Pidgin, Apache OpenOffice, Suricata, Curl, Chrony, Red Hat Directory Server, Red Hat Certificate System, mod_nss na Apache http uwar garken, Oracle Communications Saƙon Sabar, Oracle Directory Server Edition. Koyaya, rashin lafiyar baya bayyana a Firefox, Thunderbird da Tor Browser, waɗanda ke amfani da keɓantaccen ɗakin karatu na mozilla::pkix, wanda kuma aka haɗa cikin NSS, don tabbatarwa. Masu bincike na Chromium (sai dai idan an gina su da NSS na musamman), waɗanda suka yi amfani da NSS har zuwa 2015, amma kuma suka koma BoringSSL, matsalar kuma ba ta shafe su ba.
Rashin lahani yana faruwa ta hanyar kuskure a cikin lambar tabbatar da takaddun shaida a cikin aikin vfy_CreateContext daga fayil ɗin secvfy.c. Kuskuren yana faruwa duka lokacin da abokin ciniki ya karanta takaddun shaida daga uwar garken da lokacin da uwar garken ke aiwatar da takaddun shaida na abokin ciniki. Lokacin tabbatar da sa hannu na dijital DER-encoded, NSS tana yanke sa hannun cikin ƙayyadadden buffer mai girma kuma ta wuce ma'ajin zuwa tsarin PKCS #11. Yayin ci gaba da aiki, ba a bincika girman ba daidai ba don sa hannun DSA da RSA-PSS, wanda ke haifar da ambaliya na buffer da aka keɓe don tsarin VFYContextStr idan girman sa hannun dijital ya wuce 16384 bits (an ware 2048 bytes don buffer, amma ba a duba cewa sa hannun zai iya zama mafi girma)).
Za a iya gano lambar da ke ɗauke da raunin zuwa 2003, amma ba ta haifar da barazana ba har sai an sake gyarawa a cikin 2012. A cikin 2017, an yi kuskure iri ɗaya lokacin aiwatar da tallafin RSA-PSS. Don kai hari, ba a buƙatar samar da kayan aiki mai ƙarfi na wasu maɓalli don samun bayanan da suka dace, tun da ambaliya yana faruwa a matakin kafin a duba sa hannun dijital. Sashin bayanan da ya wuce iyakokin an rubuta shi zuwa wurin ƙwaƙwalwar ajiya wanda ke ɗauke da alamomi zuwa ayyuka, wanda ke sauƙaƙe ƙirƙirar abubuwan amfani.
Masu bincike daga Google Project Zero ne suka gano raunin yayin da suke gwaji tare da sabbin hanyoyin gwaji masu ban mamaki kuma kyakkyawan nuni ne na yadda raunin rashin ƙarfi na iya faruwa na dogon lokaci ba a gano shi ba a cikin sanannen aikin da aka gwada sosai:
- Ƙwararrun ƙungiyar tsaro tana kiyaye lambar NSS ta amfani da fasahar gwajin zamani da dabarun tantance kuskure. Akwai shirye-shirye da yawa a wurin don biyan lada mai mahimmanci don gano raunin da ke cikin NSS.
- NSS yana daya daga cikin ayyukan farko da aka fara shiga cikin shirin oss-fuzz na Google kuma an gwada shi a cikin tsarin gwajin fuzz na tushen libFuzzer na Mozilla.
- An duba lambar ɗakin karatu sau da yawa a cikin masu bincike daban-daban, gami da kulawa da sabis ɗin Rufin tun 2008.
- Har zuwa 2015, ana amfani da NSS a cikin Google Chrome kuma ƙungiyar Google ta tabbatar da kanta ba tare da Mozilla ba (tun 2015, Chrome ya koma BoringSSL, amma goyon bayan tashar tashar NSS ya rage).
Babban matsalolin da matsalar ta kasance ba a gano ta na dogon lokaci ba:
- An gudanar da ɗakin karatu na zamani na NSS da gwajin fuzzing ba gaba ɗaya ba, amma a matakin abubuwan da aka haɗa. Misali, an duba lambar don tantance DER da takaddun takaddun aiki daban-a lokacin da ake yin ruɗi, ana iya samun takaddun shaida wanda zai haifar da bayyanar rashin lafiyar da ake magana a kai, amma cak ɗinsa bai kai ga lambar tabbatarwa ba kuma matsalar ba ta samu ba. bayyana kanta.
- A lokacin gwajin fuzzing, an saita ƙayyadaddun ƙuntatawa akan girman fitarwa (bytes 10000) idan babu irin wannan ƙuntatawa a cikin NSS (yawancin tsarin da ke cikin yanayin al'ada na iya samun girman fiye da bytes 10000, don haka ana buƙatar ƙarin bayanan shigarwa don gano matsaloli) . Don cikakken tabbaci, iyakar yakamata ya kasance 224-1 bytes (16 MB), wanda yayi daidai da matsakaicin girman takardar shaidar da aka yarda a cikin TLS.
- Rashin fahimta game da rufe lambar gwajin fuzz. An gwada lambar mai rauni sosai, amma ta amfani da fuzzers waɗanda suka kasa samar da mahimman bayanan shigarwa. Misali, fuzzer tls_server_target ya yi amfani da ƙayyadaddun saiti na shirye-shiryen takaddun shaida, wanda ya iyakance rajistan lambar tabbatar da takaddun shaida zuwa saƙonnin TLS kawai da canje-canjen yanayin ƙa'ida.
source: budenet.ru