Multiple vulnerabilities in KoSIT OSCI-Transport Library



Published: 2017-07-05
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2017-10668, CVE-2017-10669, CVE-2017-10670
CWE-ID: CWE-696, CWE-776, CWE-611
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: OSCI-Transport Library (Universal components / Libraries / Libraries used by multiple products)
Vendor: KoSIT

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Padding oracle attack

EUVDB-ID: #VU7318

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10668

CWE-ID: CWE-696 - Incorrect Behavior Order

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a padding oracle attack.

The weakness exists in the encryption library due to a flaw in the implementation of a number of deprecated encryption algorithms (Triple DES, AES 128, AES 192, and AES 256, all in CBC mode). A remote attacker can conduct a man-in-the-middle attack to analyse the CBC mode padding and decrypt the transport encryption.

Successful exploitation of the vulnerability results in decryption of the transport encryption.

Mitigation

Update to version 1.7.1.

Vulnerable software versions

OSCI-Transport Library: 1.6.1


External links

http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Signature wrapping attack

EUVDB-ID: #VU7319

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10669

CWE-ID: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a signature wrapping attack.

The weakness exists in the encryption library due to XML entity expansion. A remote attacker can move XML elements within the document tree and modify the contents of a signed message arbitrarily without invalidating the signature.

Successful exploitation of the vulnerability results in content modification.

Mitigation

Update to version 1.7.1.

Vulnerable software versions

OSCI-Transport Library: 1.6.1


External links

http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) XXE attack

EUVDB-ID: #VU7320

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10670

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XXE attack.

The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send manipulated XML data to any communication partner and read arbitrary files from the file system of the victim host or cause a DoS condition.

Successful exploitation of the vulnerability may result in information disclosure or denial of service.

Mitigation

Update to version 1.7.1.
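
For services that accept XML from communication partners, a pre-parse gate that refuses any message carrying a DOCTYPE removes both the external-entity class (CWE-611) and the entity-expansion class (CWE-776) cited in this bulletin. The following is an added example, not code from the OSCI-Transport Library or its 1.7.1 fix; Python is used for illustration, and the function names, element names and sample messages are constructed.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedMessage(ValueError):
    """Inbound XML refused before any application parsing."""


def _on_doctype(name, sysid, pubid, has_internal_subset):
    # Called when the parser meets a DOCTYPE; raising here aborts the parse,
    # so entities declared in the DTD are never resolved or expanded.
    raise RejectedMessage("DOCTYPE declaration is not allowed")


def parse_untrusted(data: bytes) -> ET.Element:
    """Return the root element, or raise RejectedMessage if a DTD is present."""
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _on_doctype
    try:
        checker.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedMessage(f"not well-formed XML: {exc}") from exc
    # No DTD means no entity declarations, so this second parse has no
    # external entities to fetch and no nested entities to expand.
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    try:
        parse_untrusted(data)
        return True
    except RejectedMessage:
        return False


# Constructed sample inputs (element names and the placeholder URI are made up).
PLAIN = b"<Message><Body>hello</Body></Message>"
EXTERNAL_ENTITY = (b'<!DOCTYPE Message [<!ENTITY x SYSTEM "file:///placeholder">]>'
                   b"<Message><Body>&x;</Body></Message>")
NESTED_ENTITIES = (b'<!DOCTYPE Message [<!ENTITY a "aaaa">'
                   b'<!ENTITY b "&a;&a;&a;&a;">]>'
                   b"<Message><Body>&b;</Body></Message>")

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("external entity", EXTERNAL_ENTITY),
                       ("nested entities", NESTED_ENTITIES)]:
        print(f"{label}: {'accepted' if is_accepted(doc) else 'rejected'}")
```
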

Vulnerable software versions

OSCI-Transport Library: 1.6.1


External links

http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


