Re: [xmpp] IQ Handling vulnerabilities
"Joe Hildebrand (jhildebr)" <jhildebr@cisco.com> Thu, 06 February 2014 21:58 UTC
(as individual) I think this is a very important issue. I'm worried about the security impact, and I think we need to give good guidance.

(as co-chair) Who else thinks we need to work on this? Can we start with an individual I-D that lays out the problem and solution? That would allow us to make good decisions about what the next step would be. Kev, that might be pretty quick for you to write...

On 2/6/14 3:26 AM, "Kevin Smith" <kevin@kismith.co.uk> wrote:

>Hi folks,
> Discussion in the XSF and at the recent XMPP Summit has shown that
>there are widespread issues with handling of iq responses in XMPP
>software. This is probably something we need to consider handling.
>
>The basis of this is that many libraries/clients
>a) Only check the id of an iq error/result, not the sender, to check
>it matches one they've sent (Very Wrong)
>b) Use predictably generated ids for stanzas (ill-advised, but not
>strictly wrong)
>c) Use known resource strings (bad, but not strictly wrong)
>
>In conjunction, this leads to various obvious attacks with differing
>levels of severity, but for the sake of enumerating some, with some
>good fortune with timing against a vulnerable client you can: Fake
>contacts', or even their own, vcards; fake their roster so they think
>people have 'unfriended' them, or that they have already added someone
>unknown; deny capabilities discovery; make them think their server
>doesn't have a MUC service; and the list goes on and on.
>
>We certainly need to call this out explicitly in 3920ter. We might
>want to publish something in the interim.
>
>/K

--
Joe Hildebrand
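The response check that point (a) of the quoted message says clients skip, together with the unpredictable ids of point (b), sketched as an added example; it is not code from this thread or from any XMPP library. The class and method names are hypothetical, the JIDs are constructed and assumed to be already normalized, and the senders accepted for a request to one's own account are a simplifying assumption.

```python
import secrets


class IqTracker:
    """Outstanding IQ requests for one client session (hypothetical helper)."""

    def __init__(self, own_full_jid):
        self.own_bare = own_full_jid.split("/", 1)[0]
        self.pending = {}  # stanza id -> set of acceptable 'from' values

    def register(self, to=None):
        """Record an outgoing get/set; returns the id to put on the stanza."""
        iq_id = secrets.token_urlsafe(16)  # unpredictable id, point (b)
        if to is None or to == self.own_bare:
            # Assumption: a request to our own account is answered by our
            # server with no 'from' or with our bare JID.
            allowed = {None, self.own_bare}
        else:
            allowed = {to}  # the reply must come from the entity we asked
        self.pending[iq_id] = allowed
        return iq_id

    def accept(self, iq_type, iq_id, sender):
        """True only if this result/error answers a request sent to sender."""
        if iq_type not in ("result", "error"):
            return False
        allowed = self.pending.get(iq_id)
        if allowed is None or sender not in allowed:
            # Unknown id, or a known id from the wrong entity (point (a)).
            # The pending entry is kept so the genuine reply still matches.
            return False
        del self.pending[iq_id]  # at most one response per request
        return True


def demo():
    # Constructed JIDs for illustration only.
    t = IqTracker("juliet@example.com/balcony")
    vcard_id = t.register(to="romeo@example.net")
    roster_id = t.register()  # no 'to': handled by our own server
    return [
        t.accept("result", vcard_id, "mallory@example.org/x"),   # wrong sender
        t.accept("result", vcard_id, "romeo@example.net"),       # genuine
        t.accept("result", vcard_id, "romeo@example.net"),       # duplicate
        t.accept("result", roster_id, "mallory@example.org/x"),  # wrong sender
        t.accept("result", roster_id, None),                     # own server
    ]
```

A client that keys its pending table on the id alone would have accepted the first and fourth stanzas in `demo()`.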