Skip to content

RVD#453: Prediction number attacks on sequence number during RTPS initialization (affects authentication and access DDS security plugins) #453

New issue
New issue
Open
Open
RVD#453: Prediction number attacks on sequence number during RTPS initialization (affects authentication and access DDS security plugins)#453
Labels
CWE-340Predictability problemscomponents softwareVulnerabilities in purely software robot components (e.g. a the ROS navigation stack)robot component: DDSData Distribution Servicerobot component: FastRTPSeProsima's FastRTPS security flawrobot component: ROS2triageNeeds triagevendor: ADLINKvendor: RTIReal-Time Innovationsvendor: eProsimavulnerability
@vmayoral

Description

@vmayoral
vmayoral
opened on Oct 7, 2019
id: 453
title: 'RVD#453: Prediction number attacks on sequence number during RTPS initialization
  (affects authentication and  access DDS security plugins)'
type: weakness
description: "The DDS Security standard states that, before authentication and access\
  \ control can begin, the RTPS protocol is initialized with a sequence number that\
  \ may be susceptible to prediction number attacks. Randomizing can\u2019t be implemented\
  \ using RTPS, since it\u2019s data centric. The authentication and access plugins\
  \ need to check the sequence numbering for each of the messages being received or\
  \ implement their own mechanism to mitigate prediction number attack. The RTPS specifications\
  \ support endpoint checks, but no DDS built-in exists to access the underlining\
  \ RTPS implementation for these checks. DDS built-ins are a predefined set of services\
  \ supported by the vendor\u2019s implementation to perform functions, like disco-vering\
  \ other participants on the network. So, in the case of DDS built-ins to check for\
  \ prediction number attacks, this hasn\u2019t made it into a supported feature.\
  \ First reported at https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011\
  \ by DiLuoffo et al."
cwe: CWE-340
cve: None
keywords:
- CWE-340
- components software
- malformed
- 'robot component: DDS'
- 'robot component: FastRTPS'
- 'robot component: ROS2'
- 'vendor: ADLINK'
- 'vendor: RTI'
- 'vendor: eProsima'
- weakness
system: null
vendor: eProsima, ADLINK, RTI
severity:
  rvss-score: None
  rvss-vector: N/A
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/453
- https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2018-05-01'
  detected-by: Vincenzo DiLuoffo, William R Michalson and Berk Sunar
  detected-by-method: N/A
  date-reported: '2018-10-07'
  reported-by: Alias Robotics
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/453
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''

Metadata

Metadata

Assignees

No one assigned

    Labels

    CWE-340Predictability problemscomponents softwareVulnerabilities in purely software robot components (e.g. a the ROS navigation stack)robot component: DDSData Distribution Servicerobot component: FastRTPSeProsima's FastRTPS security flawrobot component: ROS2triageNeeds triagevendor: ADLINKvendor: RTIReal-Time Innovationsvendor: eProsimavulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions