Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | * | 0.16 (including) |
| Qpid | Apache | 0.5 (including) | 0.5 (including) |
| Qpid | Apache | 0.6 (including) | 0.6 (including) |
| Qpid | Apache | 0.14 (including) | 0.14 (including) |
| MRG for RHEL-5 v. 2 | RedHat | mrg-release-0:2.2.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.14-11.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.14-22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.14-14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.14-6.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | mrg-release-0:2.2.0-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-cpp-0:0.14-22.el6_3 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-java-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-jca-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-qmf-0:0.14-14.el6_3 | * |
| Red Hat Enterprise MRG 2 | RedHat | xerces-c-0:3.0.1-20.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | xqilla-0:2.2.3-8.el6 | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | quantal | * |
| Qpid-cpp | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://rhn.redhat.com/errata/RHSA-2012-1277.html
- http://rhn.redhat.com/errata/RHSA-2012-1279.html
- http://secunia.com/advisories/50186
- http://secunia.com/advisories/50698
- http://svn.apache.org/viewvc?view=revision\u0026revision=1352992
- http://www.openwall.com/lists/oss-security/2012/08/09/6
- http://www.securityfocus.com/bid/54954
- https://bugzilla.redhat.com/show_bug.cgi?id=836276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77568
- https://issues.apache.org/jira/browse/QPID-3849
- http://rhn.redhat.com/errata/RHSA-2012-1277.html
- http://rhn.redhat.com/errata/RHSA-2012-1279.html
- http://secunia.com/advisories/50186
- http://secunia.com/advisories/50698
- http://svn.apache.org/viewvc?view=revision\u0026revision=1352992
- http://www.openwall.com/lists/oss-security/2012/08/09/6
- http://www.securityfocus.com/bid/54954
- https://bugzilla.redhat.com/show_bug.cgi?id=836276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77568
- https://issues.apache.org/jira/browse/QPID-3849