[NT] Cryptographic Flaw in RDP Protocol Can Lead to Information Disclosure
From: support@securiteam.com Date: 09/22/02
From: support@securiteam.com To: list@securiteam.com Date: Sun, 22 Sep 2002 18:41:20 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Cryptographic Flaw in RDP Protocol Can Lead to Information Disclosure
------------------------------------------------------------------------
SUMMARY
The Remote Desktop Protocol (RDP) provides the means by which Windows systems
can provide remote terminal sessions to clients. The protocol transmits
information regarding a terminal session's keyboard, mouse, and video to
the remote client, and is used by Terminal Services in Windows NT 4.0 and
Windows 2000, and by Remote Desktop in Windows XP. Two security
vulnerabilities, both of which are eliminated by this patch, have been
discovered in various RDP implementations.
The first involves how session encryption is implemented in certain
versions of RDP. All RDP implementations allow the data in an RDP session
to be encrypted. However, in the versions in Windows 2000 and Windows XP,
the checksums of the plaintext session data are sent without being
encrypted themselves. An attacker who was able to eavesdrop on and record
an RDP session could conduct a straightforward cryptanalytic attack
against the checksums and recover the session traffic.
The second involves how the RDP implementation in Windows XP handles data
packets that are malformed in a particular way. Upon receiving such
packets, the Remote Desktop service would fail, and with it would fail the
operating system. It would not be necessary for an attacker to
authenticate to an affected system in order to deliver packets of this
type to an affected system.
DETAILS
Affected Software:
* Microsoft Windows 2000
* Microsoft Windows XP
Mitigating factors:
Cryptographic Flaw in RDP Protocol:
* An attacker would need the ability to capture an RDP session in order
to exploit this vulnerability. In most cases, this would require that the
attacker have physical access to the network media.
* Because encryption keys are negotiated on a per-session basis, a
successful attack would allow an attacker to decrypt only a single session
and not multiple sessions. Thus, the attacker would need to conduct a
separate cryptanalytic attack against each session he or she wished to
compromise.
Denial of Service in Remote Desktop:
* Remote Desktop service in Windows XP is not enabled by default.
* Even if Remote Desktop service were enabled, a successful attack would
require that the attacker be able to deliver packets to the Remote Desktop
port on an affected system. Customers who block port 3389 at the firewall
would be protected against attempts to exploit this vulnerability. (By
default, Internet Connection Firewall does block port 3389).
Patch availability:
Download locations for this patch
* Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41326
* Windows XP:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41288
* Windows XP 64 bit Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41314
What vulnerabilities are eliminated by this patch?
This patch eliminates two vulnerabilities affecting the implementation of
the RDP protocol:
* The first involves a cryptographic flaw affecting the Windows 2000 and
Windows XP implementations.
* The second involves a denial of service vulnerability affecting the
Windows XP implementation only.
What is the RDP protocol?
Remote Desktop Protocol is a networking protocol that supports remote
Windows terminal sessions between a client and a server. It transmits all
of the information usually associated with a local console session -
keystrokes, video and mouse data, and so forth - across a network,
allowing users to have full, interactive logon sessions with remote
systems. Microsoft Knowledge Base article
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;q186607> Q186607
provides detailed technical information about the protocol.
In which Microsoft products is RDP implemented?
In general, RDP is the underlying protocol for Windows features that allow
remote desktop sessions. For instance:
* Windows NT 4.0, Terminal Server Edition implements RDP 4.0.
* Terminal Services in Windows 2000 implements RDP 5.0.
* Remote Desktop Sharing in Windows XP implements RDP 5.1.
Are RDP sessions enabled by default in Windows?
RDP sessions are enabled by default in Windows NT 4.0, Terminal Server
Edition, but not in any other version of Windows. (Please note, however,
that neither of these vulnerabilities occurs in Windows NT 4.0 Terminal
Server Edition).
Cryptographic Flaw in RDP Protocol:
What is the scope of the first vulnerability?
This vulnerability could enable an attacker to read the contents of an
encrypted RDP session, thereby compromising any data within it. This could
include information such as usernames and passwords, as well as any data
the user entered into an application or which an application displayed for
the user.
To exploit the vulnerability, the attacker would need the ability to
eavesdrop on and record an RDP session. In most cases, this would require
the attacker to have physical access to the network media itself. It would
also require the attacker to have the technical ability to mount a
cryptanalytic attack on the recorded data (the attack is, however,
straightforward). Only the RDP implementations in Windows 2000 and Windows
XP are affected.
What causes the vulnerability?
The vulnerability results because, although session data is encrypted in
RDP 5.0 (the version that ships with Windows 2000) and RDP 5.1 (the
version that ships with Windows XP), the checksums of the session data are
not.
What is RDP Encryption?
Because RDP packets can sometimes be sent across uncontrolled or untrusted
networks like the Internet or an extranet, RDP encrypts the data in a
remote session using the RC4 crypto algorithm. In versions prior to
Windows XP, the server administrator could select the key size to use; in
Windows XP, all sessions are protected using a 128-bit key.
The vulnerability, however, has nothing to do with the crypto algorithm
used by RDP, nor with the key size. Instead, it results because of an
implementation error involving the handling of checksum data.
What is checksum data?
Checksums are frequently used in networking applications as a way of
detecting and correcting errors that occur during transmission. Before one
computer sends a data packet, it performs a mathematical operation on the
data, and sends the result of the operation along with the data itself.
Upon receiving the data and checksum, the other computer performs the same
mathematical operation on the data it received, and confirms that the
result matches what it received. If they match, it is a good indicator
that the data was not corrupted in transit.
What is wrong with the way checksums are handled in encrypted RDP
sessions?
The checksums, like the session data itself, should be encrypted. However,
in the Windows 2000 and Windows XP implementations of RDP, they are not.
The session data is encrypted, but before it is encrypted a checksum is
calculated - and that checksum is sent in plaintext.
Why does this constitute a security vulnerability? After all, the
checksums are not the same as the session data, they are just information
about the session data.
True, but there are straightforward cryptanalytic techniques that would
enable an attacker to recover the session data from the checksums. Having
broken the encryption, the attacker would be able to see the user's entire
RDP session. Any information - from the information the user entered at
the keyboard, to the movements of his or her mouse, to the information
displayed on the screen - could be read.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to have the
means to capture a user's encrypted network traffic, most likely using a
network packet tracer. This is an important point, because in most cases
it would require the attacker to have physical access to the network
cabling that carries the session data.
Having captured the data, the attacker would need to subject it to a
cryptanalytic attack in order to "crack" the encryption on the session
data. This would require some technical knowledge about the RDP data
format and cryptanalytic techniques, but these are not insurmountable
hurdles.
If an attacker managed to decrypt one session, would that make it easier
to decrypt future ones?
No. Unique session keys are negotiated at the start of every RDP session,
so each attempt to compromise a session would need to start from scratch.
Does the vulnerability affect Windows NT 4.0?
No. Only the RDP implementations in Windows 2000 and Windows XP are
affected.
What does the patch do?
The patch eliminates the vulnerability by encrypting the checksums as well
as the session data.
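To make the flawed layout described under "What is wrong with the way checksums are handled" and the fix described under "What does the patch do?" concrete, here is an added Python model; it is not Microsoft's or SecuriTeam's code. The RC4 key, the use of CRC32 as the checksum, the frame layout and the single-byte keystroke candidates are assumptions constructed for illustration; the point is that an integrity value over plaintext, left outside the encryption, lets a passive eavesdropper confirm guesses about low-entropy data without the key, and that encrypting it along with the data (the patched layout) removes that oracle.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Minimal RC4 (KSA then PRGA); RC4 is the cipher the bulletin names."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def checksum(data: bytes) -> bytes:
    """Stand-in for RDP's checksum: CRC32 is an assumption, not the real one."""
    return zlib.crc32(data).to_bytes(4, "big")

def vulnerable_frame(key: bytes, plaintext: bytes) -> bytes:
    """Flawed layout (modelled on RDP 5.0/5.1): RC4(data) || plaintext checksum."""
    return rc4(key, plaintext) + checksum(plaintext)

def hardened_frame(key: bytes, plaintext: bytes) -> bytes:
    """Patched layout: checksum computed first, then encrypted with the data."""
    return rc4(key, plaintext + checksum(plaintext))

def open_hardened_frame(key: bytes, frame: bytes) -> bytes:
    """Receiver side for the patched layout: decrypt, then verify the checksum."""
    inner = rc4(key, frame)
    data, tag = inner[:-4], inner[-4:]
    if checksum(data) != tag:
        raise ValueError("checksum mismatch: corrupted or tampered frame")
    return data

def checksum_confirms_guess(frame: bytes, guess: bytes) -> bool:
    """Eavesdropper's view: trailing 4 bytes of a captured frame vs. the checksum
    of a guessed plaintext. No key is involved; a match confirms the guess."""
    return frame[-4:] == checksum(guess)

def count_confirmable(frame: bytes, candidates) -> int:
    """Candidates a captured frame confirms: 1 (the true keystroke) for the
    flawed layout; for the patched layout the trailing bytes are ciphertext,
    so a match is a 2**-32 accident per candidate."""
    return sum(checksum_confirms_guess(frame, c) for c in candidates)
```

Run `count_confirmable` over all 256 single-byte candidates against a captured frame of each layout to see the difference: the flawed frame pins down the keystroke, the patched one confirms nothing.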
Denial of Service in Remote Desktop:
What is the scope of the second vulnerability?
This is a denial of service vulnerability. An attacker who successfully
exploited this vulnerability could cause a system hosting remote sessions
to fail, with the loss of any unsaved data.
This vulnerability only affects Windows XP, but even then, the affected
feature is not enabled by default. Even if it were enabled, an attacker
would need the ability to deliver data to an affected system in order to
exploit the vulnerability, so users who have observed normal firewalling
precautions would not be at risk from Internet-based attacks.
What causes the vulnerability?
The vulnerability results because of a flaw in the way RDP 5.1 (the
version implemented in Windows XP) handles certain types of invalid data
packets. Instead of handling them gracefully, RDP - and with it the
operating system itself - would fail upon processing them.
What is wrong with the way the RDP implementation in Windows XP handles
the invalid data involved in the vulnerability?
By design, RDP should always check the validity of all incoming data
packets before trying to act upon them. However, the RDP implementation in
Windows XP does not check for one particular type of flaw in the incoming
packets. Because of this, it would be possible to create a packet that,
when processed, would create a series of failures that would culminate in
the failure of the operating system itself.
What could an attacker do via this vulnerability?
An attacker could cause a Windows XP system to fail, if it has been
configured to allow Remote Desktop sessions. The operator would need to
reboot the machine in order to restore normal service.
Who could exploit the vulnerability?
Any user who could deliver the specific type of packets involved in this
vulnerability to an affected Windows XP system could exploit it.
Are default installations of Windows XP affected by the vulnerability?
No. Remote Desktop Service does not run by default.
I do not know if I have enabled Remote Desktop. How can I tell?
Select Start, then Control Panel, then System. In the System Properties
dialog, select the Remote tab, and inspect the checkbox in the Remote
Desktop section. If it is selected, Remote Desktop is enabled; if it is
not, Remote Desktop is disabled.
Would the attacker need to be able to establish a Remote Desktop session
in order to exploit this vulnerability?
No. The attacker would only need to send the correct set of packets to the
correct port.
Could the vulnerability be exploited from the Internet?
It depends on whether the attacker was able to deliver packets to the port
on which RDP operates, port 3389. If standard best practices have been
followed, this port will be blocked at the firewall. (For instance, this
port is blocked by default by Internet Connection Firewall).
Could a user inadvertently exploit this vulnerability?
No. The specific series of packets needed to cause the server to fail
cannot be generated as part of a normal Remote Desktop session.
What does the patch do?
The patch addresses the vulnerability by ensuring that the Remote Desktop
service handles malformed packets gracefully.
ADDITIONAL INFORMATION
The information has been provided by
<mailto:0_36905_E51E4D7D-DECD-43AE-9A29-36080E8D4C3C_US@Newsletters.Microsoft.com> Microsoft Product Security.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.