Poster: From Fort to Foe: The Threat of RCE in RPKI

TL;DR

This paper reveals a critical RCE vulnerability in the RPKI validator Fort, demonstrating its severe impact on network security and the potential for large-scale exploitation and backdoor attacks.

Contribution

It uncovers a novel severe buffer-overflow vulnerability in Fort RPKI validator, highlighting its implications for network security and integrity.

Findings

Discovered a buffer-overflow leading to RCE in Fort RPKI validator

Vulnerability rated CVE-2024-45237 with a score of 9.8

Potential for large-scale exploitation and backdoor access

Abstract

In this work, we present a novel severe buffer-overflow vulnerability in the RPKI validator Fort, that allows an attacker to achieve Remote Code Execution (RCE) on the machine running the software. We discuss the unique impact of this RCE on networks that use RPKI, illustrating that RCE vulnerabilities are especially severe in the context of RPKI. The design of RPKI makes RCE easy to exploit on a large scale, allows compromise of RPKI validation integrity, and enables a powerful vector for additional attacks on other critical components of the network, like the border routers. We analyze the vulnerability exposing to this RCE and identify indications that the discovered vulnerability could constitute an intentional backdoor to compromise systems running the software over a benign coding mistake. We disclosed the vulnerability, which has been assigned a CVE rated 9.8 critical (CVE-2024-45237).