|
- Subject: Prevent some forms of Cross Protocol Scripting attacks
- Author: Andreas Fritiofson <andreas.fritiofson@gmail.com>
- Origin: other, http://openocd.zylin.com/#/c/4335/
- Bug-Debian: https://bugs.debian.org/887488
- Last-Update: 2018-01-18
-
- From 3a223ca3ebc7ac24d7726a0cd58e5695bc813657 Mon Sep 17 00:00:00 2001
- From: Andreas Fritiofson <andreas.fritiofson@gmail.com>
- Date: Sat, 13 Jan 2018 21:00:47 +0100
- Subject: [PATCH] CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks
-
- OpenOCD can be targeted by a Cross Protocol Scripting attack from
- a web browser running malicious code, such as the following PoC:
-
- var x = new XMLHttpRequest();
- x.open("POST", "http://127.0.0.1:4444", true);
- x.send("exec xcalc\r\n");
-
- This mitigation should provide some protection from browser-based
- attacks and is based on the corresponding fix in Redis:
-
- https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
-
- Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
- Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
- Reported-by: Josef Gajdusek <atx@atx.name>
- ---
-
- diff --git a/src/server/startup.tcl b/src/server/startup.tcl
- index 64ace40..dd1b31e 100644
- --- a/src/server/startup.tcl
- +++ b/src/server/startup.tcl
- @@ -8,3 +8,14 @@
- # one target
- reset halt
- }
- +
- +proc prevent_cps {} {
- + echo "Possible SECURITY ATTACK detected."
- + echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
- + echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
- + echo "to compromise your OpenOCD instance. Connection aborted."
- + exit
- +}
- +
- +proc POST {args} { prevent_cps }
- +proc Host: {args} { prevent_cps }
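
Review bot: In `prevent_cps`, the bare `exit` is the whole enforcement step, while the echoed text promises only "Connection aborted."; a short comment above the proc should state what `exit` ends in this context (the offending connection or the whole server) so the message and the behaviour can be checked against each other. The two stubs `proc POST {args}` and `proc Host: {args}` also need a one-line comment saying they are deliberate traps for an HTTP request line and header, since they otherwise read as stray commands in startup.tcl. Because Tcl command names are case-sensitive, the trap fires only on these exact spellings, and that limit is worth recording next to them given that the commit message claims protection against "some forms" of the attack only.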