Security Advisory YSA-2020-06 – Denial of service issues in yubihsm-shell

Published Date: 2020-10-19
Tracking ID: YSA-2020-06
CVE: CVE-2020-24387, CVE-2020-24388

Summary

The yubihsm library, included in the yubihsm-shell project, does not properly validate two message fields during device communication. A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and server handling the device, could cause the yubihsm library to crash.

Affected products

The yubihsm-shell project is included in the YubiHSM2 SDK product. All SDK versions prior to 2020.10 are thus affected. Note that several components included in the SDK depend on the yubihsm library from the yubihsm-shell project.

Customer actions

Check the version of yubihsm-shell:

$ yubihsm-shell --version
yubihsm-shell 2.0.2

If the reported version is 2.0.2 or below, you are affected, and we recommend upgrading to the latest YubiHSM2 SDK 2020.10, which comes with binaries for most common platforms.

Mitigation

To prevent an adversary from gaining access to communication in cases where the YubiHSM device is communicating over the internet, encrypt the connection. The use of mutual TLS is strongly recommended. To reduce the possibility of a maliciously-crafted YubiHSM device being introduced into a customer environment, HSMs should also be used with internal USB slots and in computers with appropriate physical and environmental controls.

Technical details

The first issue is that the yubihsm-shell library does not check the range of the session id when parsing a response in yh_create_session(). If this id is out of bounds, the code indexes the sessions array out of bounds and later writes the address of the heap-allocated session object to the same place.

The second issue is that the yubihsm-shell library does not correctly check the length field returned from the YubiHSM2 device in the function _send_secure_msg(). This could lead to an oversized memcpy() call that will crash the running process.
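The two checks described above, shown as an added example that is not code from yubihsm-shell or from Yubico: a response parser that validates the length field and the session id before either is used. The wire layout, handle_response(), struct session, the status codes, MAX_SESSIONS and MAX_PAYLOAD are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 16   /* assumed session-table size for this example */
#define MAX_PAYLOAD  64   /* assumed capacity of the local payload buffer */

enum status { RESP_OK = 0, RESP_ERR_SHORT = -1, RESP_ERR_LENGTH = -2,
              RESP_ERR_SESSION_ID = -3 };

struct session { uint8_t sid; uint8_t data[MAX_PAYLOAD]; size_t data_len; };
static struct session *sessions[MAX_SESSIONS];

/* Constructed wire layout: [cmd:1][len:2, big-endian][sid:1][data:len-1].
 * Every field comes from the device or the network, so none is trusted. */
int handle_response(const uint8_t *msg, size_t msg_len, struct session *s)
{
    if (msg_len < 3)
        return RESP_ERR_SHORT;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];

    /* Length check: the claimed size must not exceed the bytes actually
     * received and must fit the destination before memcpy() uses it. */
    if (claimed < 1 || claimed > msg_len - 3 || claimed - 1 > sizeof s->data)
        return RESP_ERR_LENGTH;

    /* Range check: the session id indexes sessions[], so bound it first. */
    uint8_t sid = msg[3];
    if (sid >= MAX_SESSIONS)
        return RESP_ERR_SESSION_ID;

    s->sid = sid;
    s->data_len = claimed - 1;
    memcpy(s->data, msg + 4, s->data_len);
    sessions[sid] = s;   /* in bounds: sid < MAX_SESSIONS */
    return RESP_OK;
}

int main(void)
{
    static struct session s;
    /* Constructed sample responses, not captured traffic. */
    const uint8_t good[]    = { 0x83, 0x00, 0x03, 0x05, 0xAA, 0xBB };
    const uint8_t bad_sid[] = { 0x83, 0x00, 0x01, 0xC8 }; /* sid 200 */
    const uint8_t bad_len[] = { 0x83, 0xFF, 0xFF, 0x05 }; /* len 65535 */
    printf("%d %d %d\n", handle_response(good, sizeof good, &s),
           handle_response(bad_sid, sizeof bad_sid, &s),
           handle_response(bad_len, sizeof bad_len, &s));
    return 0;
}
```

Both rejections happen before any write, so a malformed response leaves the session table and the caller's buffer untouched.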

The yubihsm-shell tool can talk to a YubiHSM2 device either over USB or over the network using the HTTP plugin. In the network case, the server side is in most cases a yubihsm-connector process, which in turn talks to the actual YubiHSM. The protocol is not protected by TLS by default, although the sessions are established cryptographically between the application and the YubiHSM2 using a symmetric mutual authentication scheme that is both encrypted and authenticated.

A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and device, could cause the yubihsm library to crash.

Downloads

The latest source code release of yubihsm-shell can be found here. The latest version of the YubiHSM2 SDK which contains binaries for yubihsm-shell for most common platforms can be found here.

Aggregate severity rating

Yubico has rated these issues as Moderate based on maximum security impact. The base CVSS score for the first issue is 6.5 and for the second, 5.9.

Acknowledgements

On July 20, 2020, Christian Reitter notified Yubico of multiple security issues. We thank Christian Reitter for reporting these issues and working with us under coordinated vulnerability disclosure.

Timeline

July 20, 2020 Christian Reitter reports issue to Yubico
October 19, 2020 Security Advisory is published