An open source code library used in many applications built to offer encrypted phone calls was recently found to contain several vulnerabilities that could in turn undermine the security of those products. Researchers at consultancy Azimuth Security uncovered three software security issues in the GNU ZRTPCPP library, a central security component of applications such as SilentCircle, CSipSimple, LinPhone and Twinkle.
The ZRTPCPP library is a C++ implementation of ZRTP, a protocol that negotiates keys and establishes a cryptographically secure, authenticated channel in-band over an already established Real-time Transport Protocol (RTP) stream, rather than relying on out-of-band channels, in VoIP communications. The three vulnerabilities in the ZRTPCPP library are a remote heap overflow, multiple stack overflows and an information leak, Azimuth’s Mark Dowd wrote in a blog post detailing the software security problems.
Inside the vulnerabilities
The first issue lies in the ZRtp::storeMsgTemp() function, which temporarily holds a packet in memory so it can later be hashed or verified. The function copies the incoming packet into a fixed-size buffer without checking that the source data fits, and that missing bounds check produces a buffer overflow.
“If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times – such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host,” Dowd wrote.
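The pattern described above, as an added example that is not code from ZRTPCPP or from Azimuth's write-up: a message store with a fixed 1024-byte heap buffer (the size the article gives), the unchecked copy that produces the overflow, and the hardened form that compares the received length against the buffer's capacity before copying. The class and function names are this example's own, not the library's.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Size of the temporary message buffer; the article gives 1024 bytes.
constexpr size_t kTempMsgSize = 1024;

class MsgStore {
public:
    MsgStore() : tempMsg_(kTempMsgSize), tempLen_(0) {}

    // The vulnerable shape described in the article: the caller's length is
    // trusted and copied straight into a fixed 1024-byte heap buffer, so any
    // packet longer than the buffer writes past it (heap overflow). Kept only
    // for comparison; nothing here calls it with oversized input.
    void storeMsgTempUnchecked(const uint8_t* msg, size_t len) {
        std::memcpy(tempMsg_.data(), msg, len);   // no bound on len
        tempLen_ = len;
    }

    // Hardened form: the received length is checked against the destination
    // capacity before the copy, and an oversized packet is rejected without
    // disturbing the message already stored.
    bool storeMsgTemp(const uint8_t* msg, size_t len) {
        if (msg == nullptr || len > tempMsg_.size()) return false;
        std::memcpy(tempMsg_.data(), msg, len);
        tempLen_ = len;
        return true;
    }

    size_t storedLen() const { return tempLen_; }

private:
    std::vector<uint8_t> tempMsg_;   // heap allocation, as in the original buffer
    size_t tempLen_;
};

// Helper: try to store a constructed packet of 'len' filler bytes.
bool accepts(size_t len) {
    std::vector<uint8_t> pkt(len, 0x41);
    MsgStore store;
    return store.storeMsgTemp(pkt.data(), pkt.size());
}

// Helper: store one packet, then a second one, and report the length the
// store holds afterwards; a rejected second packet must leave it unchanged.
size_t lenAfterSecond(size_t firstLen, size_t secondLen) {
    MsgStore store;
    std::vector<uint8_t> a(firstLen, 0x41), b(secondLen, 0x42);
    store.storeMsgTemp(a.data(), a.size());
    store.storeMsgTemp(b.data(), b.size());
    return store.storedLen();
}
```

A Hello packet of 1024 bytes or fewer is accepted; anything larger is refused before the copy, which is the whole fix: the check has to precede the memcpy, not follow it.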
Additionally, ZRtp::prepareCommit() contains multiple stack overflows that surface when the program prepares its response to a client’s ZRTP Hello packet. Although the ZRTP specification caps the number of hash algorithms listed in a Hello packet at eight, the count field in the packet is four bits wide, so a client can claim up to 15 entries, more than the stack buffers sized to the specification’s limit can hold. While technical constraints limit the prospects for remote code execution, the flaw can be used to crash the application, Dowd wrote.
The third flaw stems from a failure to compare the expected size of a packet against the amount of data actually received, which can leak information or permit out-of-bounds reads. Because no check confirms that a ZRTP Ping packet is as long as its type implies, for instance, a truncated or otherwise malformed packet is processed without raising an error.
“Using this vulnerability allows the attacker to discover useful pointers and heap state, and could be used in conjunction with the aforementioned heap overflow to gain reliable code execution,” Dowd explained. “In addition, it could possibly be used to leak sensitive crypto-related data, although the extent of how useful this is has not been investigated.”
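The two parsing checks the second and third flaws lack, shown together as an added example that is not ZRTPCPP's code: the message framing follows RFC 6189 (2-byte preamble 0x505a, 2-byte length in 32-bit words, 8-byte type block), but the Hello body used here (a count byte plus padding, then 4-character algorithm names) is a simplified layout assumed for the example, not the specification's exact Hello field order. The cap of eight is the one the article attributes to the specification; the names, helpers and status codes are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Framing per RFC 6189 section 5.1. The Hello body below (count byte, three
// bytes of padding, then 4-character names) is an assumed layout for the
// example, not the RFC's exact Hello field order.
constexpr size_t   kHeaderLen = 12;
constexpr uint16_t kPreamble  = 0x505a;
constexpr int      kMaxHashes = 8;   // the cap the article attributes to the spec
constexpr size_t   kNameLen   = 4;   // ZRTP algorithm identifiers are 4 characters

enum class ParseStatus { Ok, TooShort, BadPreamble, LengthMismatch, CountTooLarge };

struct HelloInfo {
    int hashCount = 0;
    std::string hashes[kMaxHashes];   // fixed array sized from the spec cap
};

// Check the frame before touching any field: enough bytes for a header, the
// right preamble, and a declared length equal to the bytes actually received.
// Skipping the last check is what lets a truncated Ping be parsed as complete.
ParseStatus checkFrame(const uint8_t* data, size_t received) {
    if (received < kHeaderLen) return ParseStatus::TooShort;
    uint16_t preamble = static_cast<uint16_t>((data[0] << 8) | data[1]);
    if (preamble != kPreamble) return ParseStatus::BadPreamble;
    size_t declared = static_cast<size_t>((data[2] << 8) | data[3]) * 4;  // words to bytes
    if (declared != received) return ParseStatus::LengthMismatch;
    return ParseStatus::Ok;
}

// Parse the simplified Hello body. The count lives in a 4-bit field, so it can
// encode 0..15 even though only kMaxHashes entries are permitted; the count is
// compared with the cap before hashes[] is indexed, and the entries must fit
// inside the received bytes before any of them is read.
ParseStatus parseHello(const uint8_t* data, size_t received, HelloInfo& out) {
    ParseStatus st = checkFrame(data, received);
    if (st != ParseStatus::Ok) return st;
    if (received < kHeaderLen + 4) return ParseStatus::TooShort;
    int hc = (data[kHeaderLen] >> 4) & 0x0f;
    if (hc > kMaxHashes) return ParseStatus::CountTooLarge;  // 9..15 would overrun hashes[]
    size_t need = kHeaderLen + 4 + static_cast<size_t>(hc) * kNameLen;
    if (received < need) return ParseStatus::TooShort;
    out.hashCount = hc;
    for (int i = 0; i < hc; ++i) {
        const uint8_t* p = data + kHeaderLen + 4 + i * kNameLen;
        out.hashes[i].assign(reinterpret_cast<const char*>(p), kNameLen);
    }
    return ParseStatus::Ok;
}

// Build a constructed Hello: 'hc' goes into the count nibble, 'names' entries
// are actually appended, and 'declaredBytes' (or -1 for the true size) is what
// the length field claims, so a message can lie about its own size.
std::vector<uint8_t> buildHello(int hc, int names, int declaredBytes) {
    static const char* kNames[] = {"S256", "S384", "N256", "N384"};
    std::vector<uint8_t> m(kHeaderLen + 4 + static_cast<size_t>(names) * kNameLen, 0);
    size_t declared = declaredBytes < 0 ? m.size() : static_cast<size_t>(declaredBytes);
    m[0] = 0x50; m[1] = 0x5a;
    m[2] = static_cast<uint8_t>((declared / 4) >> 8);
    m[3] = static_cast<uint8_t>((declared / 4) & 0xff);
    std::memcpy(&m[4], "Hello   ", 8);
    m[kHeaderLen] = static_cast<uint8_t>((hc & 0x0f) << 4);
    for (int i = 0; i < names; ++i)
        std::memcpy(&m[kHeaderLen + 4 + i * kNameLen], kNames[i % 4], kNameLen);
    return m;
}

// Helpers exercising the parser on constructed input.
ParseStatus statusFor(int hc, int names, int declaredBytes = -1) {
    std::vector<uint8_t> m = buildHello(hc, names, declaredBytes);
    HelloInfo info;
    return parseHello(m.data(), m.size(), info);
}

std::string hashAt(int hc, int names, int idx) {
    std::vector<uint8_t> m = buildHello(hc, names, -1);
    HelloInfo info;
    if (parseHello(m.data(), m.size(), info) != ParseStatus::Ok || idx >= info.hashCount) return "";
    return info.hashes[idx];
}
```

A Hello claiming 15 hash algorithms is refused on the count alone, before any array is written; a message whose length field says 24 bytes when only 16 arrived is refused on the frame, before any field past the header is read. Both checks run against the bytes actually received, never against what the packet says about itself.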
Handling the errors
Such security issues are of particular interest in the wake of the revelation that the U.S. National Security Agency has been collecting data from phone calls and electronic communications, prompting a wave of users to turn to encrypted communication tools. Azimuth noted that it disclosed the vulnerabilities to ZRTPCPP author and maintainer Werner Dittmann, who has since released fixes on GitHub. Several of the affected vendors have patched their products accordingly as well.
The security issues also offer an important reminder to developers that performing checks and code review on public libraries is a key step in building a product, FierceCIO associate editor Paul Mah wrote. While third-party code is helpful to developers, any library they pull in should be subjected to the same software security rigor as in-house code, including tools such as static analysis software.
“While this is hardly the first time that security bugs have been discovered in a code library, it is a somber reminder of the widespread repercussions that security bugs in a popular library can have,” Mah wrote. “In addition, apps that are no longer being developed or updated may contain the vulnerabilities ad infinitum – even as hackers are given a leg up based on information found in published advisories.”
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.