-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ESnet Software Security Advisory ESNET-SECADV-2023-0002
Topic: iperf3 Server Denial of Service Issued: 13 September 2023 Revised: 15 September 2023 Credits: Jorge Sancho Larraz (Canonical) Affects: iperf-3.14 and earlier Corrected: iperf-3.15 I. Background iperf3 is a utility for testing network performance using TCP, UDP, and SCTP, running over IPv4 and IPv6. It uses a client/server model, where a client and server communicate the parameters of a test, coordinate the start and end of the test, and exchange results. This message exchange takes place over a TCP "control connection". II. Problem Description The iperf3 server and client will, at various times, send data over the control connection that control the parameters, start and stop of a test, and result exchange. Many of these data have some expected length to them (whether fixed or variable). It is possible for a malicious or malfunctioning client to send less than the expected amount of data to the server. If this happens, the server will hang indefinitely waiting for the remainder (or until the connection gets closed). Because iperf3 is deliberately designed to service only one client connection at a time, this will prevent other connections to the iperf3 server. III. Impact A malicious or misbehaving process can connect to an iperf3 server and prevent other connections to the server indefinitely. This issue mainly applies to an iperf3 server that is reachable from some untrusted host or network, such as the public Internet. It might be possible for a malicious iperf3 server to mount a similar attack on an iperf3 client. iperf2 uses a different model of interaction between client and server, and is not affected by this issue. IV. Workaround There is no workaround for this issue, however as best practice dictates, iperf3 should not be run with root privileges, to minimize possible impact. Note that iperf3 was not designed to be a long-running server on the public Internet. V. Solution Update iperf3 to a version containing the fix (i.e. iperf-3.15 or later). VI. Correction details The bug causing this vulnerability has been fixed by the following commit in the esnet/iperf Github repository: master 5e3704dd850a5df2fb2b3eafd117963d017d07b4 All released versions of iperf3 issued on or after the date of this advisory incorporate the fix. ESnet would like to thank Jorge Sancho Larraz (Canonical) for bringing this issue to our attention. Security concerns with iperf3 can be submitted privately by sending an email to the developers at <ip...@es.net>. V. Revision history 13 September 2023: Original version of security advisory. 15 September 2023: Corrected inaccurate information about iperf2. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE+Fo4IENp9xo01E6DSYSRCoyq7ooFAmUEvc8ACgkQSYSRCoyq 7oqu+Qf+MgZTo47gNDW98/1dWYMLBhAA9ptVh6BLknpxJ/S2HdeWKQNH68cSLG3b VM7DkZSyCCmad77ySbr3w7/UoFbD1YJetDSdh3J73vdSQNClCUPG9ddSt45QuWsK kvURAUWHA4lcR/ZsJruWTa9YNYV2qECVJd9zHmUJ9/o01IAoP5sfEQgJJaPX7JWZ RyCu9rJVBq5yGlLL86338HIoMmNnD212CkDnpoIcEpdocwJ7dkCIZoOPh/KjYoWQ tLGEgscW3JT9L1zwAjZuHy8vi+wNyXUr8/vLcns4K3FabYFzrKSq5ODs0qgNmpfS PHOf94N6Qk97M1BA0A8qV9HLF2yS+w== =FrPM -----END PGP SIGNATURE----- _______________________________________________ Iperf-users mailing list Iperf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/iperf-users
