RVD#87: Unauthenticated registration/unregistration with ROS Master API #87

Open
aliasbot opened this issue Oct 20, 2018 · 4 comments
Labels
components software Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack) robot component: ROS ROS-related vulnerabilities. severity: high 7.0 - 8.9 vulnerability

Comments

@aliasbot
Collaborator

aliasbot commented Oct 20, 2018

id: 87
title: 'RVD#87: Unauthenticated registration/unregistration with ROS Master API'
type: vulnerability
description: "This vulnerability has previously been disclosed in a variety of peer-reviewed\
  \ articles. Among them and of most relevance is *Dieber, B., Breiling, B., Taurer,\
  \ S., Kacianka, S., Rass, S., & Schartner, P. (2017). Security for the Robot Operating\
  \ System. Robotics and Autonomous Systems, 98, 192-203*.The vulnerability applies\
  \ to the [ROS Master API](http://wiki.ros.org/ROS/Master_API#register.2BAC8-unregister_methods),\
  \  a standardized interface to connect to the centralized hub of the Robot Operating\
  \ System, the master (acting as a server). The ROS Master facilitates discovery\
  \ information to all the nodes in the ROS network. Correspondingly, the Master API\
  \ provides means for topic and service registration, namespace (URI) lookup and\
  \ mechanisms for establishing or finalizing distributed (publish/subscribe) networking\
  \ communications. As described at http://wiki.ros.org/ROS/Master_API#register.2BAC8-unregister_methods,\
  \ there is no authentication enforced within the API. Particularly, for registering\
  \ a new publisher, the API method is as follows:\r\n **registerPublisher(caller_id,\
  \ topic, topic_type, caller_api)**\r\n \r\n Register the caller as a publisher the\
  \ topic.\r\n \r\n Parameters\r\n \r\n *callerid* (str)\r\n \r\n ROS caller ID\r\n\
  \ *topic* (str)\r\n \r\n Fully-qualified name of topic to register.\r\n *topictype*\
  \ (str)\r\n \r\n Datatype for topic. Must be a package-resource name, i.e. the .msg\
  \ name.\r\n *callerapi* (str)\r\n \r\nAPI URI of publisher to register.\r\nReturns\
  \ (int, str, [str])\r\n \r\n (code, statusMessage, subscriberApis)\r\n \r\n List\
  \ of current subscribers of topic in the form of XMLRPC URIs.\r\nThere is no verification\
  \ that the arguments given are valid. This leads to a vulnerability that attackers\
  \ can exploit to register or unregister selected Publishers, Subscribers or Services\
  \ on demand.A few remarks:\r\n- Attack complexity is low due to existing tools that\
  \ allow to exploit this vulnerability\r\n- Scope is the internal network of the\
  \ robot\r\n- No safety implications have been remarked since the vulnerability affects\
  \ a robot (software) component and not a complete system by itself. It should be\
  \ noted however, that a  robotic system using a vulnerable ROS setup  could easily\
  \ cause human harm and thereby affect safety.Further details about exploitation\
  \ provided below."
cwe: CWE-Missing Authentication for Critical Function (CWE-306)
cve: None
keywords:
- components software
- 'robot component: ROS'
- 'severity: high'
- 'state: new'
- vulnerability
system: ROS
vendor: N/A
severity:
  rvss-score: 7.1
  rvss-vector: RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:N/A:H/H:N
  severity-description: high
  cvss-score: 9.1
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
links:
- https://github.com/aliasrobotics/RVD/issues/87
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2018-10-20'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2018-10-20'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/87
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''
@aliasbot aliasbot added robot: ROS robot Vulnerabilities in robots severity: high 7.0 - 8.9 state: new labels Oct 20, 2018
@vmayoral vmayoral added components software Vulnerabilities in purely software robot components (e.g. a the ROS navigation stack) robot component: ROS ROS-related vulnerabilities. and removed robot Vulnerabilities in robots robot: ROS labels Oct 20, 2018
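
A defender-side check for the condition this ticket describes, as an added example that is not part of the original report or of ROS itself: it parses captured XML-RPC request bodies sent to the ROS Master and flags register/unregister calls whose source is not an expected node host, or whose claimed API URI points at a different host than the one that sent the request. The allowlist, addresses and sample requests are constructed; the method names and argument order are those of the ROS Master API.

```python
import xmlrpc.client
from urllib.parse import urlparse

# Master API methods that change the registration graph.
STATE_CHANGING = {
    "registerPublisher", "unregisterPublisher",
    "registerSubscriber", "unregisterSubscriber",
    "registerService", "unregisterService",
}

# Assumption: hosts expected to run nodes on this robot network (constructed),
# and nodes advertise IP addresses rather than hostnames.
ALLOWED_HOSTS = {"10.0.0.10", "10.0.0.11"}


def audit_call(source_ip, body):
    """Return findings for one captured XML-RPC request body sent to the Master."""
    params, method = xmlrpc.client.loads(body)
    if method not in STATE_CHANGING or not params:
        return []  # read-only or unrelated call
    findings = []
    if source_ip not in ALLOWED_HOSTS:
        findings.append(f"{method}: source {source_ip} is not an allowed node host")
    # The last argument is the URI the caller claims
    # (caller_api, or service_api for unregisterService).
    claimed = urlparse(str(params[-1])).hostname
    if claimed != source_ip:
        findings.append(f"{method}: claimed API host {claimed} != source {source_ip}")
    return findings


def sample_requests():
    """Constructed (source_ip, request_body) pairs standing in for captured traffic."""
    mk = xmlrpc.client.dumps
    node_api = "http://10.0.0.10:40001/"
    return [
        ("10.0.0.10", mk(("/talker", "/chatter", "std_msgs/String", node_api),
                         methodname="registerPublisher")),
        ("10.0.0.99", mk(("/talker", "/chatter", node_api),
                         methodname="unregisterPublisher")),
        ("10.0.0.99", mk(("/rostopic",), methodname="getSystemState")),
    ]


def audit_all(requests):
    return [audit_call(ip, body) for ip, body in requests]


if __name__ == "__main__":
    for (ip, _), findings in zip(sample_requests(), audit_all(sample_requests())):
        print(ip, findings or "ok")
```

Because the Master performs neither check itself, this only detects mismatches after the fact; the `caller_id` string cannot be validated this way at all.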
@vmayoral
Member

Updated CWE-ID.

@vmayoral
Member

Demonstration of the exploitation of this vulnerability available at https://github.com/vmayoral/basic_robot_cybersecurity/tree/master/robot_exploitation/tutorial11.

@github-actions

Feedback (automatically generated):

  • FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see Vulnerability report template for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

@github-actions

Feedback (automatically generated):

  • FIXME: Robot or Robot component not present in summary table or invalid, see Vulnerability report template for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

@rvd-bot rvd-bot changed the title Unauthenticated registration/unregistration with ROS Master API RVD#87: Unauthenticated registration/unregistration with ROS Master API Jan 13, 2020