A recent vulnerability, CVE-2024-25724, has been identified in RTI Connext Professional versions 5.3.1 through 6.1.x before 6.1.1. It is a buffer overflow in XML parsing that affects the Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service. An attacker who triggers it can execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. The attack vectors are remote malicious RTPS messages, calls with malicious parameters to specific public APIs, and a compromised local file system containing a malicious XML file.

Code Snippet

An attacker can exploit this vulnerability by sending a remote malicious RTPS message, directly invoking the public APIs listed below with malicious parameters, or placing a malicious XML file in the local file system.

<!-- malicious.xml: illustrative placeholder shape only -->
<bufferOverflow attackValue="AAAAAAAA...">
</bufferOverflow>

// Compromised API call (illustrative placeholder)
RTI_RoutingService_new(maliciousParam1, maliciousParam2, ...);

Exploit Details

1. Remote Malicious RTPS Message: An attacker can craft a malicious RTPS message, causing a buffer overflow in the XML parsing of the affected services. This allows the attacker to execute code with the service's privileges and potentially compromise the service's integrity.

2. Compromised API Call: An attacker can call the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs with malicious parameters. This can trigger the buffer overflow, which in turn causes the service to leak sensitive information, crash, or execute code with the affected service's privileges.

3. Compromised Local File System: An attacker who already controls the local file system can place a malicious XML file where one of the affected services will parse it. Parsing the file triggers the buffer overflow, allowing the attacker to execute code, compromise the service's integrity, or leak sensitive information.

Mitigation

Users are advised to upgrade to RTI Connext Professional 6.1.1, which addresses this vulnerability. Until the upgrade is in place, XML configuration files and other XML data should come only from trusted locations and be validated before the services process them.
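The two checks a defender can run immediately are an inventory check (is an installed Connext release inside the affected range?) and a pre-screen of XML configuration handed to the four services. The script below is an added example, not RTI's code or anything from the advisory: the affected range 5.3.1 <= version < 6.1.1 is taken literally from the text above, the sample version strings and the sample XML are constructed, and because the overflowed field is not described on the page, the XML screen simply flags any attribute value or text node longer than a configurable limit, which is a coarse heuristic rather than a signature for this CVE.

```python
"""Defensive checks around CVE-2024-25724 (RTI Connext Professional XML parsing).

Added example, not RTI's code. Assumptions (not stated by the advisory):
  - the affected range is 5.3.1 <= version < 6.1.1, read from the writeup;
  - the overflow trigger is undisclosed, so the XML screen flags any attribute
    value or text node longer than max_len as a heuristic pre-filter.
"""
import re
import xml.etree.ElementTree as ET  # for fully untrusted input prefer defusedxml.ElementTree

AFFECTED_MIN = (5, 3, 1)   # first affected release named on the page
FIXED_VERSION = (6, 1, 1)  # release that addresses the issue


def parse_version(text):
    """Turn '6.1.0', '6.1' or '6.0.1.25' into a 3-tuple of ints (extra parts dropped)."""
    nums = [int(p) for p in re.findall(r"\d+", text)[:3]]
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version_text):
    """True when the release falls inside the affected range from the advisory text."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_VERSION


def oversized_xml_fields(xml_text, max_len=1024):
    """Return [(tag, field, length)] for attribute values or text nodes over max_len.

    Screening heuristic for XML destined for the Routing, Recording, Queuing or
    Cloud Discovery services; it does not identify the real overflow field.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if len(value) > max_len:
                findings.append((elem.tag, name, len(value)))
        text = (elem.text or "").strip()
        if len(text) > max_len:
            findings.append((elem.tag, "#text", len(text)))
    return findings


# Constructed sample input (not from the page): one attribute far over the limit.
SAMPLE_XML = (
    '<dds><routing_service name="demo">'
    '<domain_route name="' + "A" * 4096 + '"/>'
    "</routing_service></dds>"
)


def main():
    # Constructed version strings, chosen to sit on both sides of the range.
    for v in ("5.3.0", "5.3.1", "6.1.0", "6.1.1", "7.0.0"):
        print(v, "affected" if is_affected(v) else "not in affected range")
    for tag, field, length in oversized_xml_fields(SAMPLE_XML, max_len=1024):
        print(f"oversized {field} on <{tag}>: {length} chars")


if __name__ == "__main__":
    main()
```

Tune max_len to the longest legitimate value in your own configuration files before wiring the screen into a deployment pipeline; the version check is the part that actually tells you whether the upgrade is still outstanding.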

Original References

1. CVE-2024-25724 - National Vulnerability Database (NVD)
2. RTI Security Advisory

Conclusion

CVE-2024-25724 is a critical vulnerability in RTI Connext Professional with significant impact on the affected services. Developers and operators should confirm they are running 6.1.1 or later and should treat XML configuration and RTPS input as untrusted until then. Staying informed about new vulnerabilities and patching promptly keeps the exposure from flaws like this one to a minimum.

Timeline

Published on: 05/21/2024 19:15:09 UTC
Last modified on: 08/01/2024 23:52:06 UTC