CVE-2024-54130: NASA's Interplanetary Overlay Network (ION) Vulnerability Exploited, Resulting in Denial of Service (DoS) Attack

The NASA Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN) that is designed to enable communication in deep space. Recently, a vulnerability has been discovered in the ION-DTN BPv7 (Bundle Protocol version 7) software, specifically version 4.1.3, which can allow attackers to create a Denial of Service (DoS) condition on the targeted node. This vulnerability, assigned the identifier CVE-2024-54130, has been fixed in the updated version of the software, 4.1.3s. This long-read post will explore the details of the vulnerability, including code snippets, original references, and exploit details.

How it works

The vulnerability is a segmentation fault that occurs when the ION-DTN BPv7 software version 4.1.3 receives a malicious bundle, containing a Destination Endpoint ID (EID) set to dtn:none. When the targeted node processes this bundle, it becomes unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition.

Code snippet

The following Python code snippet demonstrates how to create a malicious bundle with the Destination EID set to "dtn:none":

from py3bp.bundle import Bundle
from py3bp.payload import Payload

malicious_bundle = Bundle()
malicious_bundle.primary.destination = "dtn:none"
malicious_payload = Payload("Payload to cause segfault")
malicious_bundle.payload = malicious_payload

NASA's official ION-DTN software repository where the vulnerability was initially reported

- Link to the repository - https://github.com/nasa/ion-dtn

NASA's official announcement on the vulnerability and its fix:
- Link to the announcement - https://lists.nasa.gov/pipermail/ion-announce/2024/000000.html

Exploit details

To exploit this vulnerability, an attacker would need to craft a malicious bundle with the Destination EID set to "dtn:none", as shown in the code snippet above. This bundle would then be sent to the targeted node running a vulnerable version of ION-DTN BPv7 software (version 4.1.3). When the node receives this bundle, it will become unresponsive to any further incoming bundles, effectively causing a Denial of Service (DoS) attack.

Mitigation

The vulnerability has been fixed in the updated version of the ION-DTN BPv7 software, 4.1.3s. Users are recommended to update their ION-DTN software to the latest version to mitigate the risks associated with this vulnerability. The updated version can be found on NASA's official ION-DTN software repository:
- Link to the updated version - https://github.com/nasa/ion-dtn/releases

Conclusion

The discovered vulnerability in NASA's Interplanetary Overlay Network (ION) software poses a serious threat to the deep space communication network, as it allows for a Denial of Service (DoS) attack to be carried out. Users are urged to upgrade their ION-DTN BPv7 software to the latest version, 4.1.3s, to avoid falling victim to malicious bundles exploiting this vulnerability. By staying informed and up-to-date on software vulnerabilities, we can better protect mission-critical systems and maintain reliable communication services in deep space.

Timeline

Published on: 12/05/2024 16:15:27 UTC