RTI Connext Professional Improper Restriction of XML External Entity Reference Vulnerability Allowing Unauthorized File Read

Vulnerability

A critical vulnerability exists in the RTI Connext Professional Core Libraries, specifically in versions 7.4.0 prior to 7.7.0, 7.0.0 prior to 7.3.1.1, 6.1.0 prior to 6.1.*, 6.0.0 prior to 6.0.*, 5.3.0 prior to 5.3.* and 4.3x prior to 5.2.*. The vulnerability allows unauthorized read access to the local file system through improper handling of XML external entity references. It can be triggered by supplying a malicious XML document, either from the file system or remotely via RTPS messages, during the application's startup.

Impact

Exploitation of this vulnerability could lead to unauthorized access to local files, potentially allowing sensitive information to be read or manipulated. Additionally, it could cause the application to crash, disrupting service availability.

Reproduction

To reproduce this vulnerability, upload a malicious XML file that references external entities into the application's file system. Then, during the application's startup, ensure that it loads this XML file as part of its configuration. The application will parse the XML, and the malicious references will be followed, leading to unauthorized file reads.
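The following is an added defensive example, not code from RTI or from this advisory: a pre-parse gate that an application can run over XML configuration before loading it at startup. It uses Python's expat bindings to record any DOCTYPE, external DTD and entity declarations without ever resolving them, then refuses to load a document that declares a DTD at all. The sample documents (a DDS-style QoS profile and a constructed document with a SYSTEM entity whose path is a placeholder) are constructed for the example and make no assumption about how RTI's own parser is configured.

```python
# Added example (not RTI's code): a pre-parse gate for XML configuration
# that an application loads at startup. It audits the document for DTD and
# entity declarations with Python's expat bindings, never resolving external
# entities, and refuses to load anything that declares a DOCTYPE.
import xml.parsers.expat
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class XmlAudit:
    has_doctype: bool = False
    # (entity name, system id) for every external entity or external DTD
    external_entities: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    internal_entities: List[str] = field(default_factory=list)
    parse_error: Optional[str] = None


def audit_xml(data: bytes) -> XmlAudit:
    """Walk the document with expat, recording DTD/entity declarations.

    No ExternalEntityRefHandler is installed, so expat skips external
    entity references instead of opening the referenced file or URL, and
    parameter-entity parsing is off so an external DTD is never fetched.
    """
    result = XmlAudit()
    parser = xml.parsers.expat.ParserCreate()
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        result.has_doctype = True
        if system_id or public_id:
            # External DTD subset: a file/URL fetch if a parser followed it.
            result.external_entities.append(("<!DOCTYPE %s>" % name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            result.external_entities.append((name, system_id))
        else:
            result.internal_entities.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        result.parse_error = str(exc)
    return result


def load_config(data: bytes) -> ET.Element:
    """Load a configuration document only if it passes the audit.

    Policy: any DOCTYPE is rejected, not only ones declaring external
    entities, because a configuration file has no legitimate need for a DTD.
    """
    audit = audit_xml(data)
    if audit.parse_error:
        raise ValueError("rejected: malformed XML: " + audit.parse_error)
    if audit.has_doctype:
        raise ValueError(
            "rejected: DOCTYPE present; external references: %r" % audit.external_entities
        )
    return ET.fromstring(data)


# Constructed sample documents (not from the advisory). The entity's
# SYSTEM identifier is a placeholder path, not a real target.
SAFE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<dds>
  <qos_library name="ExampleLibrary">
    <qos_profile name="Default"/>
  </qos_library>
</dds>
"""

XXE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dds [
  <!ENTITY leak SYSTEM "file:///PLACEHOLDER/path/on/host">
]>
<dds>
  <qos_library name="ExampleLibrary">&leak;</qos_library>
</dds>
"""


def check_samples() -> dict:
    """Return which constructed samples the gate accepts."""
    outcome = {}
    for label, doc in (("safe", SAFE_CONFIG), ("xxe", XXE_CONFIG)):
        try:
            load_config(doc)
            outcome[label] = "loaded"
        except ValueError:
            outcome[label] = "rejected"
    return outcome


if __name__ == "__main__":
    print(check_samples())
```

The audit keeps the entity names and system identifiers it saw, so a rejection can be logged with the exact reference that was attempted; that log line is the detection signal for a configuration file that was tampered with or delivered over the network.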

Remediation

Users can update to RTI Connext Professional versions 7.7.0 or 7.3.1.2, both of which include the necessary fix. For versions 6.1.2.29, 6.1.2.23, 6.1.2.21, 6.0.1.43, 5.3.1.45 and 4.4x prior to 5.2.*, patches are available upon request through the RTI Customer Portal.

Added: Apr 30, 2026, 4:41 PM
Updated: Apr 30, 2026, 4:41 PM

Vulnerability Rating

Custom Algorithm

spread          2.6
impact          5.0
exploitability  7.3
remediation     8.3
relevance       7.1
threat          1.6
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.