Security Advisory YSA-2020-06 – Denial of service issues in yubihsm-shell
The yubihsm library, included in the yubihsm-shell project, does not properly validate two message fields during device communication. A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and server handling the device, could cause the yubihsm library to crash.
The yubihsm-shell project is included in the YubiHSM2 SDK product. All SDK versions prior to 2020.10 are thus affected. Note that several components included in the SDK depend on the yubihsm library from the yubihsm-shell project.
Check the version of yubihsm-shell:
$ yubihsm-shell --version
If the reported version is 2.0.2 or below, you are affected. We recommend upgrading to the latest YubiHSM2 SDK 2020.10, which comes with binaries for most common platforms.
To prevent an adversary from gaining access to communication in cases where the YubiHSM device is communicating over the internet, encrypt the connection. The use of mutual TLS is strongly recommended. To reduce the possibility of a maliciously-crafted YubiHSM device being introduced into a customer environment, HSMs should also be used with internal USB slots and in computers with appropriate physical and environmental controls.
The first issue is that the yubihsm-shell library does not check the range of the session id when parsing a response in yh_create_session(). If this id is out of bounds, the code indexes the sessions array out of bounds and later writes the address of the heap-allocated session object to that same out-of-bounds location.
The second issue is that the yubihsm-shell library does not correctly check the length field returned from the YubiHSM2 device in the function _send_secure_msg(). This could lead to an oversized memcpy() call that will crash the running process.
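The two checks described above, shown as an added example that is not code from yubihsm-shell: a range check on a device-supplied session id before it indexes an array, and a length check before memcpy(). The type names, MAX_SESSIONS and the [len_hi][len_lo][payload] layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names, sizes and layout for illustration; not from yubihsm-shell. */
#define MAX_SESSIONS 16

typedef struct { uint8_t sid; } session_t;
typedef struct { session_t *sessions[MAX_SESSIONS]; } connector_t;
typedef enum { ST_OK = 0, ST_SHORT, ST_BAD_SESSION_ID, ST_BAD_LENGTH } status_t;

/* Store a session under the id reported by the (untrusted) device response. */
status_t register_session(connector_t *c, const uint8_t *resp, size_t resp_len,
                          session_t *s)
{
    if (resp_len < 1)
        return ST_SHORT;
    uint8_t sid = resp[0];
    if (sid >= MAX_SESSIONS)          /* range check before indexing the array */
        return ST_BAD_SESSION_ID;
    s->sid = sid;
    c->sessions[sid] = s;
    return ST_OK;
}

/* Copy the payload of a response laid out as [len_hi][len_lo][payload...]. */
status_t copy_payload(const uint8_t *resp, size_t resp_len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (resp_len < 2)
        return ST_SHORT;
    size_t claimed = ((size_t)resp[0] << 8) | resp[1];
    /* The claimed length must fit both the bytes received and the destination. */
    if (claimed > resp_len - 2 || claimed > out_cap)
        return ST_BAD_LENGTH;
    memcpy(out, resp + 2, claimed);
    *out_len = claimed;
    return ST_OK;
}

int main(void)
{
    /* Constructed responses: an out-of-range id and an overstated length. */
    connector_t c = {0};
    session_t s = {0};
    uint8_t bad_id[] = {200}, lie[] = {0xff, 0xff, 'a'}, out[8];
    size_t n = 0;
    return !(register_session(&c, bad_id, sizeof bad_id, &s) == ST_BAD_SESSION_ID &&
             copy_payload(lie, sizeof lie, out, sizeof out, &n) == ST_BAD_LENGTH);
}
```

Both functions reject the response and leave their destination untouched instead of trusting a field the peer controls.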
The yubihsm-shell tool can talk to a YubiHSM2 device either over USB or over the network using the HTTP plugin. In the network case, the server side is in most cases a yubihsm-connector process, which in turn talks to the actual YubiHSM. The protocol is not protected by TLS by default, although the sessions are established cryptographically between the application and the YubiHSM2 using a symmetric mutual authentication scheme that is both encrypted and authenticated.
A maliciously-crafted YubiHSM2 device, or someone with access to the HTTP traffic between a client and device, could cause the yubihsm library to crash.
Aggregate severity rating
On July 20, 2020, Christian Reitter notified Yubico of multiple security issues. We thank Christian Reitter for reporting these issues and working with us under coordinated vulnerability disclosure.
| Date | Event |
|---|---|
| July 20, 2020 | Christian Reitter reports issue to Yubico |
| October 19, 2020 | Security Advisory is published |