Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-39199: Release v1.4.1 · codenotary/immudb

immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server’s UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server.

CVE
Open in Source
#vulnerability#windows#linux#js#kubernetes#docker

Release notes

We’re pleased to announce new version of immudb: 1.4.1. This is a smaller maintenance release that fixes important issues discovered in the previous 1.4.0 release.

Important issues fixed

Along with this release, the go SDK for immudb comes with fixes to two security vulnerabilities (CVE-2022-36111 and CVE-2022-39199) that we’ve discovered through an internal security review. Those vulnerabilities only affect the client SDK that is part of the immudb release - for that reason make sure that the most recent go SDK version is used in your application.

More information about those vulnerabilities can be found in those adversaries:

  • GHSA-672p-m5jq-mrh8
  • GHSA-6cqj-6969-p57x

Small improvements

Besides important fixes, this release also comes with improved naming convention related to replication options and an option to reset admin password without knowledge of the previous password. Such password reset is helpful in case the admin password is lost and can also be used to ensure there’s a correct admin password set in cloud deployments such as Kubernetes.

Changelog****[v1.4.1] - 2022-11-16****Bug Fixes

  • Change replication-related terms in codebase
  • Change replication-related terms in tests
  • cmd: Rename replication flags to follow consistent convention
  • cmd/immudb: Better description of the --force-admin-password flag
  • cmd/immudb: Fix description of the force-admin-password flag
  • embedded/appendable: fsync parent directory
  • embedded/appendable: fsync parent folder in remote appedable
  • pkg: Rename replication-related fields in GRPC protocol
  • pkg/client: Delay server identity validation
  • pkg/client/cache: Add methods to validate server identity
  • pkg/client/cache: Validate server’s identity
  • pkg/server: Remove includeDeactivated flag when querying for users
  • pkg/server/servertest: Add uuid to buffconn server
  • pkg/server/servertest: Fix resetting grpc connection
  • test/perf-test-suite: Avoid dumping immudb logo on perf test results file
  • test/performance-test-suite: Ensure results are shown after proper is finished
  • verification: Additional Linear proof consistency check
  • verification: Recreate linear advance proofs for older servers

Changes

  • pkg/server: Add logs for activities related to users
  • ci: migrate deprecating set-output commands
  • cmd/immudb: Allow resetting sysadmin password
  • docs/security: Be less specific about package version in examples
  • docs/security: Add resources for the linear-fake vulnerability
  • embedded/appendable: sync directories
  • embedded/store: Disable asynchronous AHT generation
  • embedded/store: Remove AHT Wait Hub
  • pkg/client: Document WithDisableIdentityCheck option
  • pkg/client/cache: Describe serverIdentity parameter
  • pkg/client/cache: Limit the hash part of the identity file name
  • pkg/client/state: Cleanup mutex handling in StateService
  • pkg/server: Warn if sysadmin user password was not reset
  • pkg/server: Better warning for unchanged admin password
  • test/performance-test-suite: Add summary to json output

Features

  • ci: fix message and input
  • ci: add runner name to mattermost message header
  • ci: simplify results extraction
  • ci: extract performance tests into separate workflow to be reused
  • ci: add scheduled daily test runs and send results to Mattermost
  • pkg/replication: Disable server’s identity check in internal replication

Downloads

Docker image
https://hub.docker.com/r/codenotary/immudb

immudb Binaries

File

SHA256

immudb-v1.4.1-darwin-amd64

120966d077c5ffca4bfd6745473a06c0ca219291adc49960108cc476e418cf5a

immudb-v1.4.1-darwin-arm64

d6469914115a58f9462c07b1d5aa0dbb1e777b80477d8baf8108bf51deabdd22

immudb-v1.4.1-freebsd-amd64

05a932c73bbb4305f6f7975a3bdc0f2198f8968776b16b84497584bb2742bc5a

immudb-v1.4.1-linux-amd64

a5ae370d6475026db7df5906ba037dc708b0a8bda52a0adf0d06c3dcdee587f1

immudb-v1.4.1-linux-amd64-fips

db4477eb54d0437b9b145dfa9f77b593fc3a149906b0c5cc1c4ed87301786298

immudb-v1.4.1-linux-amd64-static

7b2c31569a513e072cefbdc7cbcf7c36421516230bf388a5156d95a5f3034b02

immudb-v1.4.1-linux-arm64

3d5f8784bdf652d2c067885d19b330d28bf497459b59a9358c0774dbff1f4d6f

immudb-v1.4.1-linux-s390x

ee4efbcb850ab56da2fd3ed18226bd9808de404fd69ea425567952492e320e96

immudb-v1.4.1-windows-amd64.exe

707963320c94390ac9f9ce8d20d4f274baf636df789c4a65f3dc1a74bfd7f52c

immuclient Binaries

File

SHA256

immuclient-v1.4.1-darwin-amd64

076c4f474e8f57d59ec20016d5f445205b80d16c0a7aebe6ae0b1d07310c5360

immuclient-v1.4.1-darwin-arm64

41bfe74f900e7bbd9cc57b89d3111edf9faa3f5ff4204995e352f02c78fa3c53

immuclient-v1.4.1-freebsd-amd64

286c48668fd772464217f26cfc30772819175e61452d860d44ad6ec04c437c79

immuclient-v1.4.1-linux-amd64

3ab44ad6d956a7f4ecff2da08738227e63cd4816ef7047dc63f671c6536969b7

immuclient-v1.4.1-linux-amd64-fips

75cbdc3614cb345af53e127aaaf4e7633fde4710f1ce1f1191c12b1d7ce4ab0f

immuclient-v1.4.1-linux-amd64-static

1f33880078225f56b253e663fb5d6e8ef1927d4bc9019ad8ef40a1863d99be7e

immuclient-v1.4.1-linux-arm64

30e736810ab08f74e4dbd22b9ddb369b321dde1c65b35879a3ed164c97e5e8a0

immuclient-v1.4.1-linux-s390x

6fe337a5d14511eda8cad40d7ec4f6c483bf5b2811229678833286cfa373a7a0

immuclient-v1.4.1-windows-amd64.exe

6790a7dc306f3669cb824774b45c140c9331b6a83ae8fb10629a7c58c495405d

immuadmin Binaries

File

SHA256

immuadmin-v1.4.1-darwin-amd64

caf3308f916d43c79fc14c77c3452013f3580b4e7edfd0fe949219d945d3b245

immuadmin-v1.4.1-darwin-arm64

1a82fef2f16715591da9e74001a8db0d0838ce6e273cf08443e8261f89f6fedb

immuadmin-v1.4.1-freebsd-amd64

42679b08927dcbef84b18eac78391e78c29a5c817e9febf56bc18485ee39c5a5

immuadmin-v1.4.1-linux-amd64

24126f6699b3ae3fe18910c5a4fb45d996bc9237ebb92e91ee2916b8f8379b0c

immuadmin-v1.4.1-linux-amd64-fips

b5b457b179384a72a6486a5e82f16f8bfe449b467e31373627f94a736f7d7afb

immuadmin-v1.4.1-linux-amd64-static

e68a4fc4640082a67522c9a77f081ee513cc87732900b3f0dd644deda6a58843

immuadmin-v1.4.1-linux-arm64

9cc7d0283b4e7bd58c1daa39ec1c93c9bdaeb7818b11ac5ac88a8d91be3ba658

immuadmin-v1.4.1-linux-s390x

22408bc7d8e0cef8378fcff8b1079bfa574e0336e5ca77f77facf21c67e3f24e

immuadmin-v1.4.1-windows-amd64.exe

2fa628855a0c17aecb5cc675297a1bf217bbf595f40701ed740d6351279f7e2d

Related news

GHSA-6cqj-6969-p57x: Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs

### Impact immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. ### Patches The following Go SDK versions are not vulnerable | **SDK** | **Version** | |-------|------------| | [go](pkg.go.dev/github.com/codenotary/immudb/pkg/client) | 1.4.1 | ### Workarounds When initializing an immudb client object, a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server. ### For more information If you have any ques...

GHSA-672p-m5jq-mrh8: Insufficient Verification of Proofs generated by the immudb server in client SDK.

### Impact In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. ### Detailed description immudb uses Merkle Tree enhanced with additional linear part to perform consistency proofs between two transactions. The linear part is built from the last leaf node of the Merkle Tree compensating for transactions that were not yet consumed by the Merkle Tree calculation. The Merkle Tree part is then used to perform proofs for things that are in transaction range covered by the Merkle Tree where the linear part is used to check those that are not yet in the Merkle Tree. Whe...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE