CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections

[Vincent Danen <vdanen () redhat com>]

Just a heads up to advise those shipping qpid-cpp of the following flaw:

In the AMQP messaging scheme implementation each broker can have both, direct
connections and shadow connections. A shadow connection represents a connection
to another broker in the cluster. Members use shadow connections to simulate
the actions of other brokers, so that all members arrive at the same time.
Output for shadow connections is just discarded, brokers only send data to
their directly-connected clients.

A security flaw was found in the way the Qpid C++ libraries implementation,
used by AMQP client applications to exchange messages with an AMQP message
broker using the AMQP protocol, performed authentication for certain shadow
connections. An AMQP client application could issue a phoney shadow connection
to the AMQP broker, leading into situation that AMQP broker to consider the
connection it to be a legitimate connection from another AMQP broker,
subsequently using NullAuthenticator mechanism for authentication, allowing the
AMQP client application to bypass the authentication.


This has been assigned the name CVE-2012-3467.

References:

https://issues.apache.org/jira/browse/QPID-3849
http://svn.apache.org/viewvc?view=revision&revision=1352992
https://bugzilla.redhat.com/show_bug.cgi?id=836276

Also, as a aide note, this affects (possibly Red Hat-specific naming
convention) the qpid-cpp-server-cluster package, other qpid packages  are not
affected.

--
Vincent Danen / Red Hat Security Response Team