
    Security Advisory YSA-2020-06 – Denial of service issues in yubihsm-shell

    Published Date: 2020-10-19
    Tracking ID: YSA-2020-06
    CVE: CVE-2020-24387, CVE-2020-24388

    Summary

    The yubihsm library, included in the yubihsm-shell project, does not properly validate two message fields during device communication. A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and server handling the device, could cause the yubihsm library to crash.

    Affected products

    The yubihsm-shell project is included in the YubiHSM2 SDK product. All SDK versions prior to 2020.10 are thus affected. Note that several components included in the SDK depend on the yubihsm library from the yubihsm-shell project.

    Customer actions

    Check the version of yubihsm-shell:

    $ yubihsm-shell --version
    yubihsm-shell 2.0.2

    If the version is 2.0.2 or below, you are affected, and we recommend upgrading to the latest YubiHSM2 SDK, 2020.10, which comes with binaries for most common platforms.

    Mitigation

    To prevent an adversary from gaining access to communication in cases where the YubiHSM device is communicating over the internet, encrypt the connection. The use of mutual TLS is strongly recommended. To reduce the possibility of a maliciously-crafted YubiHSM device being introduced into a customer environment, HSMs should also be used with internal USB slots and in computers with appropriate physical and environmental controls.

    Technical details

    The first issue is that the yubihsm-shell library does not check the range of the session id when parsing a response in yh_create_session(). If this id is out of bounds, the code indexes the sessions array out of bounds and later writes the address of the heap-allocated session object to that same out-of-bounds location.

    The second issue is that the yubihsm-shell library does not correctly check the length field returned from the YubiHSM2 device in the function _send_secure_msg(). This could lead to an oversized memcpy() call that will crash the running process.
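
    The two missing checks described above, sketched as an added example (not code from yubihsm-shell). The type and function names, the table size and the message framing are assumptions made for illustration; the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SESSIONS 16   /* assumed table size, not the library's value */

enum { CHK_OK = 0, CHK_ERR_SESSION_ID = -1, CHK_ERR_SHORT = -2, CHK_ERR_LENGTH = -3 };

typedef struct { uint8_t sid; } session_t;                 /* hypothetical */
typedef struct { session_t *sessions[MAX_SESSIONS]; } connector_t;

/* Check 1: the session id comes from the device, so validate it before it
 * is used as an index into the sessions table. */
int store_session(connector_t *c, uint8_t device_sid, session_t *s)
{
    if (device_sid >= MAX_SESSIONS)
        return CHK_ERR_SESSION_ID;      /* would index out of bounds */
    s->sid = device_sid;
    c->sessions[device_sid] = s;
    return CHK_OK;
}

/* Check 2: assumed framing cmd(1) | len(2, big endian) | payload(len).
 * The declared length must fit both the bytes actually received and the
 * destination buffer before memcpy() runs. */
int copy_payload(const uint8_t *msg, size_t msg_len,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < 3)
        return CHK_ERR_SHORT;           /* header itself is incomplete */
    size_t declared = ((size_t)msg[1] << 8) | msg[2];
    if (declared > msg_len - 3 || declared > out_cap)
        return CHK_ERR_LENGTH;          /* would over-read or overflow */
    memcpy(out, msg + 3, declared);
    *out_len = declared;
    return CHK_OK;
}

int main(void)
{
    /* Constructed response: header declares 0xFFFF bytes, only 2 follow. */
    const uint8_t bad[] = { 0x83, 0xFF, 0xFF, 0xAA, 0xBB };
    uint8_t out[64]; size_t n = 0;
    connector_t c = { { 0 } }; session_t s = { 0 };
    int r1 = store_session(&c, 200, &s);                          /* rejected */
    int r2 = copy_payload(bad, sizeof bad, out, sizeof out, &n);  /* rejected */
    return (r1 == CHK_ERR_SESSION_ID && r2 == CHK_ERR_LENGTH) ? 0 : 1;
}
```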

    The yubihsm-shell tool can talk to a YubiHSM2 device either over USB or over the network using the HTTP plugin. In the network case, the server side is in most cases a yubihsm-connector process, which in turn talks to the actual YubiHSM. The protocol is not protected by TLS by default, although the sessions are established cryptographically between the application and the YubiHSM2 using a symmetric mutual authentication scheme that is both encrypted and authenticated.

    A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and device, could cause the yubihsm library to crash.

    Downloads

    The latest source code release of yubihsm-shell can be found here. The latest version of the YubiHSM2 SDK which contains binaries for yubihsm-shell for most common platforms can be found here.

    Aggregate severity rating

    Yubico has rated these issues as Moderate based on maximum security impact. The base CVSS score for the first issue is 6.5 and for the second, 5.9.

    Acknowledgements

    On July 20, 2020, Christian Reitter notified Yubico of multiple security issues. We thank Christian Reitter for reporting these issues and working with us under coordinated vulnerability disclosure.

    Timeline

    July 20, 2020: Christian Reitter reports issue to Yubico
    October 19, 2020: Security Advisory is published