Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:15 PM
Connect Directly

Cloud Vulnerability Could Let One Server Compromise Thousands

A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.

A newly disclosed critical vulnerability in the OnApp cloud orchestration platform could let an attacker compromise an entire private cloud with access to a single server, researchers report.

The finding comes from researchers at security firm Skylight Cyber who say the flaw has the potential to affect hundreds of thousands of production servers and organizations around the world. OnApp is a London-based cloud management platform, one of the top firms that powers thousands of clouds for managed service providers, telcos, and other cloud hosting services.

Cloud security issues are common these days; however, we usually see them in the context of user misconfigurations and resulting accidental data leaks. In most cases, these mishaps are the user's fault. This particular flaw, located in a management system that thousands of providers use, could let an attacker access, steal, change, or eliminate data on a server through no fault of the user or provider.

OnApp's strategy for managing different servers in the cloud environment could allow attackers to achieve remote code execution (RCE) with root privileges. They simply need to rent a server — a simple process, and one that many companies require only an email address to do.

With that server, an attacker could compromise an entire private cloud due to the way OnApp manages different servers in the cloud environment, researchers explain in a technical blog post. Any user could trigger an SSH connection from OnApp to the managed server due to "agent forwarding," which lets an attacker relay authentication to any server in the same cloud.

The vulnerability affects all OnApp control panels managing Xen or KVM compute resources, OnApp says in a security advisory. It does not affect OnApp control panels that only manage VMware vCloud Director, VMware vCenter environments, or CDN-only control panels. The company has issued a patch for the flaw and says there are no feasible workarounds for this.

Researchers tested, confirmed, and replicated their methodology across multiple cloud vendors, using OnApp for Xen and KVM hypervisors. In fact, it worked for them on the first try.

How They Found It
Skylight began investigating this in May when alerted to hate messages targeting the campaign of an Australian federal parliament member running for office. Emails were disguised to appear as though they came from many Australian businesses; however, they came from a single source.

Analysis of the emails led to the discovery of several servers used to send them. It seems the attacker preferred to use a single hosting company, probably because it didn't require payment or ID to start a free 24-hour trial. Researchers decided to mimic the steps of the attacker and see if they left incriminating evidence. With nothing found, they hypothesized there could be a bug.

The researchers explored the control panel of the hosting company and saw there was an SSH connection between their server and the cloud provider. A public key had been pre-installed to access the server, prompting the team to wonder whether the management software was using the same key pair to manage every server. Researchers found this was the case, and they could launch an SSH connection to any server with the hosting company. They could do this even if they didn't have the private key, which granted the same level of root access the provider had.

Agent forwarding made this possible. A feature of SSH, this lets you connect to a remote machine via SSH and give that machine the ability to use SSH to connect to other machines — without ever having the private authentication key or the passphrase that protects it, researchers explain.

The benefit is that someone can keep a private key locally, on one server, instead of storing it on multiple servers to authenticate connections. Using agent forwarding, this server can provide a remote server with the means to use the private key without having to expose it. The local machine answers "key challenges" and relays them through the remote server to target servers.

Researchers call this "an extremely dangerous feature." With agent forwarding enabled, a remote server accepting your SSH connection could authenticate to any server that accepts your credentials. They were able to trigger management software to use SSH to connect to their server and run commands, then swap the code it was intended to execute with arbitrary code by replacing one of the binaries it commonly executes. OnApp's configuration of SSH with agent forwarding gave researchers a full chain to compromise all servers in a hosting company with root privileges.

Researchers tested this by setting up a source server, which an attacker could obtain with a simple free trial, and a target server. They overwrote the "tput" binary on the source server with their own script that used SSH forwarding to connect with the target server and drop a flag file. They triggered the management software and saw the flag file appear on the target server.

"If we could replicate this across other companies, then the impact is much greater and more dangerous," according to Skylight Cyber. "All we have to do is find cloud providers using OnApp, rent a couple of servers, and test our thesis again."

The vulnerability was assigned to the ID CVE-2019-12491.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Why Clouds Keep Leaking Data."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/1/2019 | 3:18:20 AM
Re: OnApp reached out to me a few months ago
Good share!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...