eProsima Fast DDS
cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*
Affected versions: < 3.2.0
A vulnerability exists in eProsima Fast DDS versions prior to 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, where the PermissionsCA certificate is not properly validated. The access control plugin only verifies the S/MIME signature on the governance and permissions documents, so an expired PermissionsCA certificate is accepted as valid. The same missing validation can crash the system when the PermissionsCA is not self-signed and the full certificate chain is not supplied, although the overall impact is considered low.
Exploitation of this vulnerability allows an expired PermissionsCA to be used for governance and permissions, and can cause the system to crash under certain conditions with an improperly chained PermissionsCA.
The vulnerability can be reproduced by using eprosima Fast DDS version 2.6.9 with ROS 2 Humble. Create a PermissionsCA certificate that is expired or not self-signed, and attempt to use it without the full chain. The system will accept the expired certificate as valid, leading to a crash.
Users can upgrade to eprosima Fast DDS versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, or 3.2.0 to address this vulnerability.
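The defensive check the description implies, as an added example that is not Fast DDS code: validate the PermissionsCA certificate itself (validity period, self-signature or a complete issuer chain) before trusting any S/MIME signature it produced. It assumes the Python `cryptography` package and builds constructed ECDSA test certificates in-process; the function names are illustrative.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

def issue_ca(cn, not_before, not_after, issuer=None, issuer_key=None):
    """Build a constructed CA certificate; self-signed unless an issuer is given."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    cert = (x509.CertificateBuilder().subject_name(name)
            .issuer_name(issuer.subject if issuer else name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(not_before).not_valid_after(not_after)
            .sign(issuer_key or key, hashes.SHA256()))
    return cert, key

def signed_by(cert, issuer):
    """True when the issuer's public key verifies cert's signature (ECDSA certs only)."""
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except Exception:
        return False

def validate_permissions_ca(ca, chain, now):
    """Return (accepted, reason). chain = extra certs shipped with a non-self-signed CA."""
    if not (ca.not_valid_before <= now <= ca.not_valid_after):
        return False, "outside validity period"          # expired CA is rejected, not trusted
    if ca.issuer == ca.subject:                           # self-signed: its own key must verify it
        return (True, "ok") if signed_by(ca, ca) else (False, "bad self-signature")
    issuer = next((c for c in chain if c.subject == ca.issuer), None)
    if issuer is None:                                    # reject explicitly; never assume the issuer
        return False, "issuer missing from chain"
    if not signed_by(ca, issuer):
        return False, "signature does not verify against issuer"
    return validate_permissions_ca(issuer, chain, now)    # walk up to a trusted self-signed root

def demo():
    """Run the check on constructed certs at a fixed clock; returns {case: accepted}."""
    now, year = datetime(2025, 1, 1), timedelta(days=365)
    expired, _ = issue_ca("Constructed PermissionsCA", now - 2 * year, now - year)
    good, _ = issue_ca("Constructed PermissionsCA", now - year, now + year)
    root, root_key = issue_ca("Constructed Root", now - year, now + year)
    inter, _ = issue_ca("Constructed PermissionsCA", now - year, now + year, root, root_key)
    cases = {"expired": (expired, []), "self_signed": (good, []),
             "no_chain": (inter, []), "full_chain": (inter, [root])}
    return {k: validate_permissions_ca(c, ch, now)[0] for k, (c, ch) in cases.items()}
```

Only the self-signed in-date CA and the intermediate supplied with its root are accepted; the expired CA and the chain-less intermediate are refused with a reason instead of being trusted or dereferenced.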