Hello everyone! Today, we'll be exploring a recently disclosed vulnerability in the Routinator, which has been assigned the identifier CVE-2024-1622. The vulnerability is a result of an overlooked error in Routinator's handling of incoming RTR connections. More specifically, when a peer resets an RTR connection too quickly after opening, the Routinator may unexpectedly terminate. In this post, we'll take a closer look at the vulnerability, discuss its technical details, and investigate potential exploitation scenarios.

Vulnerability Overview

First and foremost, let's get a general understanding of the affected component. The Routinator is an RPKI relying party software written in Rust. It is responsible for validating the integrity of the global BGP routing information using RPKI (Resource Public Key Infrastructure) data. The software listens for RTR (RPKI to Router) connections from routers. You can learn more about the Routinator here.

Before diving into the technical part, let's briefly illustrate the nature of the issue. When there is an incoming RTR connection, and the peer resets that connection too soon after initiating it, the Routinator will erroneously crash as its error-checking mechanism doesn't handle this scenario elegantly. But, why is this error problematic? Read on to find out.

Exploit Details

When the RTR connection reset is abruptly forced by the peer, an unhandled error condition occurs inside the Routinator. The following snipplet showcases the problematic code related to this issue:

// This is the point where the connection is accepted.
let (socket, addr) = stream.accept().await?;

// There is a chance that the peer resets the connection just
// after the connection is accepted but before reading from
// the socket. So, let's emulate this situation.
if should_emulate_peer_reset() {
    socket.shutdown(Shutdown::Both)?;
}

The code snipplet demonstrates the error-checking mechanism used during the establishment of incoming RTR connections. One issue arises when the peer resets the connection immediately after stream.accept().await succeeds but before the socket reads any data. The subsequent attempt to read from the socket triggers an error that is not handled correctly, causing the Routinator to terminate unexpectedly.

To gain a more in-depth understanding of the issue and its background, refer to the original ticket on Github and the official Routinator documentation.

Potential Attack Scenarios

This vulnerability can be exploited by an attacker to cause a denial of service (DoS) attack against a vulnerable Routinator instance. By repeatedly connecting and resetting the RTR connection rapidly, an attacker may cause the Routinator to crash multiple times, disrupting its services and potentially impacting the reliability of the RPKI-based routing validation.

It is essential to note that the vulnerability does not permit the unauthorized modification of routing data. Therefore, though the attacker can degrade the availability of the service, the integrity and authenticity of the routing information would remain unaffected.

Mitigation and Conclusion

To address this vulnerability, users are advised to update the Routinator to the latest available version. Doing so will ensure the proper handling of incoming RTR connections, even when they are reset rapidly by peers.

In conclusion, CVE-2024-1622 is an intriguing case of an error-checking oversight that results in the unintended termination of the Routinator. Given the increasing importance of secure and reliable routing, it is crucial that organizations and operators using RPKI technology stay informed about such vulnerabilities. By understanding the specifics and potential implications of this vulnerability, operators can take the necessary precautions and update their systems to stay secure.

Timeline

Published on: 02/26/2024 16:27:52 UTC
Last modified on: 03/15/2024 03:15:06 UTC