[Libguestfs] nbdkit low priority security fix: TLS connections cause memory leak

Richard W.M. Jones rjones at redhat.com
Tue Dec 4 10:21:05 UTC 2018


As you may have seen if you've been following discussions on the
mailing list, we discovered a low priority security problem with
nbdkit's handling of TLS connections.

If TLS is enabled without either client certificate validation or PSK,
untrusted clients can connect, negotiate the TLS handshake, disconnect
and leak about 14K of memory each time.  So after tens of thousands to
millions of connections you can leak a substantial amount of memory,
likely resulting in nbdkit crashing, thus a denial of service attack.

TLS is enabled by default only if certificates are available.  Both
client certificate validation and PSK are disabled by default.  So the
server can default to being vulnerable once you've created
certificates, although it is probably not vulnerable in out of the box
configurations because I don't know any Linux distro which is
automatically creating TLS certs for nbdkit.

The upstream fix is:

  https://github.com/libguestfs/nbdkit/commit/baf10918f94b84185a27b4bb81cf3fdf2c4f6fe4

This has been backported to all stable branches, and is also available
in the following released versions:

  nbdkit >= 1.9.4
  nbdkit >= 1.8.2
  nbdkit >= 1.6.4
  nbdkit >= 1.4.4
  nbdkit >= 1.2.8
  all available here: http://download.libguestfs.org/nbdkit/

I'm making updated packages available for Fedora now.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
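
The fixed releases listed in the message apply per branch, so a single "newer than 1.2.8" comparison would wrongly pass 1.8.1. The shell function below is an added example, not part of the original message or of nbdkit. The function name is hypothetical, the input is assumed to look like "nbdkit X.Y.Z" or "X.Y.Z", and treating branches after 1.9 as fixed is an assumption based on the fix being upstream as of 1.9.4.

```shell
#!/bin/sh
# Added example: classify an nbdkit version against the fixed releases
# named in the announcement. Prints "fixed", "unfixed" or "unknown".
nbdkit_tls_leak_status() {
    ver=${1#nbdkit }                 # accept "nbdkit 1.8.1" as well as "1.8.1"
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # drop any suffix after the patch number
    case $major$minor$patch in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -lt 1 ]; then echo unknown; return 0; fi
    # Assumption: branches after 1.9 descend from the fixed upstream code.
    if [ "$major" -gt 1 ] || [ "$minor" -ge 10 ]; then
        echo fixed; return 0
    fi
    # First fixed patch level in each branch listed in the announcement.
    case $minor in
        9) fixed_at=4 ;;
        8) fixed_at=2 ;;
        6) fixed_at=4 ;;
        4) fixed_at=4 ;;
        2) fixed_at=8 ;;
        *) echo unknown; return 0 ;;  # branch not named in the announcement
    esac
    if [ "$patch" -ge "$fixed_at" ]; then
        echo fixed
    else
        echo unfixed
    fi
}

# Constructed sample versions, for illustration only.
for v in 1.2.7 1.2.8 1.8.1 1.8.2 1.9.3 1.9.4 1.7.3; do
    printf '%s\t%s\n' "$v" "$(nbdkit_tls_leak_status "$v")"
done
```

An "unfixed" result matters only where TLS is enabled without client certificate validation or PSK, as the message describes.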



