Security Advisories

This section documents security advisories for RDFox.

RD-2389 - 6.0 (Medium)

RDFox’s access control system allows administrators to specify which named graphs each agent is allowed to read and write. In the affected versions, these authorization checks were not performed when RDFox’s syntax extensions for accessing tuple tables (see Section 9.4) were used to query the Quads tuple table, in which RDFox stores all named graph facts. An attacker could therefore read triples from any named graph while authenticated as an agent with no named graph access privileges.

Note that this bug affected only reading from named graphs: authorization checks for writing to named graphs were performed correctly. Note also that, in order to exploit this vulnerability, an agent must hold a read privilege over the Quads tuple table.

Mitigations

As an interim measure to secure sensitive data, administrators can revoke read privileges over the Quads tuple table from any agent that should not be able to read every named graph, until they can upgrade to a fixed version.

Affected Versions

This issue affects all versions from 6.1 to 7.2d inclusive, 7.3 to 7.3d inclusive, and 7.4.

Resolution

This issue is fixed in patch releases v7.2e, v7.3e, and v7.4a. Users of the affected versions are advised to upgrade to a fixed version as soon as possible to prevent exploitation of this issue. Upgrading to a patched version provides protection from this issue immediately, without the need for further action.

CVSS Score

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N – 6.0 (Medium)

RD-2210 - 2.3 (Low)

A logic error in the SKOLEM built-in tuple table could allow a remotely authenticated attacker to cause the contents of memory allocated during the construction of a SKOLEM blank node identifier to be captured into the identifier itself. This corrupts the affected identifiers in the system and, if those identifiers are formatted into query responses, may lead to unauthorized disclosure of information, depending on what data previously occupied the allocated memory.

To exploit this issue, one or more IRIs whose length, excluding the final segment, is a multiple of 3 must be stored in the data store. An attacker with write privileges could establish this condition, and could also write the incorrect identifiers back into the dictionary, using rules or SPARQL updates, so that they can be harvested later. Once the necessary IRIs or any faulty SKOLEM identifiers are present in the dictionary, an attacker with only read privileges could retrieve them by querying.

Mitigations

There are no advised mitigations for this issue. Please see the resolution section below.

Affected Versions

This issue affects versions v7.3, v7.3a, and v7.3c.
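The affected-version statements for RD-2389 and RD-2210 above are easy to misread when version strings carry letter patch suffixes. The following Python helper, added here as an example and not part of the advisory or of RDFox itself, checks a version string against the ranges and releases stated on this page. It assumes RDFox version strings take the form MAJOR.MINOR with an optional lowercase patch letter, optionally prefixed by "v", that a lettered patch release sorts after its unlettered base (7.2 < 7.2a < ... < 7.2e < 7.3), and that a range such as "6.1 to 7.2d inclusive" covers every release in between.

```python
"""Check an RDFox version string against the affected ranges given above.

Added example; not part of the advisory and not RDFox code. Assumptions:
  * version strings look like "7.2d" or "v7.3" (MAJOR.MINOR plus an
    optional lowercase patch letter); anything else raises ValueError;
  * a lettered patch release sorts after its unlettered base, and each
    MAJOR.MINOR line sorts after all releases of the previous line.
"""
import re
from typing import List, Optional, Tuple

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)([a-z])?$")

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'v7.2d' -> (7, 2, 4); '7.3' -> (7, 3, 0). Patch letter a=1, b=2, ..."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised RDFox version string: {text!r}")
    major, minor, letter = match.groups()
    patch = (ord(letter) - ord("a") + 1) if letter else 0
    return int(major), int(minor), patch


def format_version(v: Version) -> str:
    """Inverse of parse_version: (7, 2, 5) -> '7.2e'."""
    major, minor, patch = v
    return f"{major}.{minor}" + (chr(ord("a") + patch - 1) if patch else "")


# Transcribed from the advisory text. Ranges are inclusive at both ends.
RD_2389_RANGES = [("6.1", "7.2d"), ("7.3", "7.3d"), ("7.4", "7.4")]
RD_2389_FIXED = ["7.2e", "7.3e", "7.4a"]
# RD-2210 names individual releases (7.3b is not listed) and is fixed from 7.3d.
RD_2210_VERSIONS = ["7.3", "7.3a", "7.3c"]
RD_2210_FIXED_FROM = "7.3d"


def affected_by_rd_2389(version: str) -> bool:
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in RD_2389_RANGES)


def affected_by_rd_2210(version: str) -> bool:
    return parse_version(version) in {parse_version(x) for x in RD_2210_VERSIONS}


def advisories_for(version: str) -> List[str]:
    """Advisory IDs from this page that apply to the given release."""
    hits = []
    if affected_by_rd_2389(version):
        hits.append("RD-2389")
    if affected_by_rd_2210(version):
        hits.append("RD-2210")
    return hits


def minimum_fixed_release(version: str) -> Optional[str]:
    """Lowest release fixing every applicable advisory, or None if none apply.

    Picks the smallest release from the page's fixed-release lists that is
    not lower than the installed version and is itself clear of every
    advisory, so an affected 6.x or 7.1 deployment is pointed at 7.2e,
    a 7.3x deployment at 7.3e, and 7.4 at 7.4a.
    """
    applicable = advisories_for(version)
    if not applicable:
        return None
    v = parse_version(version)
    candidates = [parse_version(f) for f in RD_2389_FIXED]
    if "RD-2210" in applicable:
        candidates.append(parse_version(RD_2210_FIXED_FROM))
    ok = [c for c in candidates
          if c >= v and not advisories_for(format_version(c))]
    return format_version(min(ok)) if ok else None


if __name__ == "__main__":
    for installed in ["6.3", "7.2d", "7.3b", "7.3c", "7.4", "7.4a"]:
        print(installed, advisories_for(installed), minimum_fixed_release(installed))
```

Every release RD-2210 lists also falls inside RD-2389's 7.3 to 7.3d range, so the upgrade recommended for RD-2389 on that line (7.3e) clears both advisories; the helper enforces this by rejecting any candidate, such as 7.3d, that is still affected by another advisory on this page.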

Resolution

This issue is fixed in v7.3d and later versions. Users of one of the affected versions are advised to upgrade to a fixed version as soon as possible to prevent new exploitation of this issue. After upgrading, they should also follow the v7.3d upgrade instructions to ensure that their system is free of any incorrect SKOLEM identifiers created by this issue.

CVSS Score

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N – 2.3 (Low)