Security Advisories
This section documents security advisories for RDFox.
RD-2486 - 5.9 (Medium)
RDFox’s ODBC data source allows administrators to connect RDFox to external
databases via ODBC and construct tuple tables to enable querying and reasoning
over those tables. To facilitate the construction of those tuple tables, RDFox
supports “sampling” directly from the ODBC data source. In the versions affected
by this bug, sampling of an ODBC data source table which contains a NULL
value in a column of STRING type could cause RDFox to print a section of its
memory as output, and then crash. It is possible that the printed memory could
contain sensitive information otherwise protected by RDFox’s access control
system.
Note: In order to exploit this issue, an attacker must have read privileges over
an ODBC data source to which RDFox is connected and the ODBC data source must
contain one or more tables with a NULL value in a column of STRING type.
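The failure mode described above, illustrated with an added example that is not RDFox's code and does not use the real ODBC API: a stand-in for the ODBC fetch contract, in which the driver signals a SQL NULL through the length indicator and leaves the caller's buffer untouched. The reader that ignores the indicator returns whatever the reused buffer held (the previous row here; with an uninitialised buffer, arbitrary process memory, and with no terminator present a read past the buffer), while the hardened reader treats the indicator as the only source of truth. NULL_INDICATOR, CellFromDriver, fetch_into, sample_unchecked and sample_checked are this example's own names, and the sample rows are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Sentinel mirroring ODBC's SQL_NULL_DATA: the driver sets the indicator to
// this value for a SQL NULL and writes nothing into the caller's buffer.
constexpr long NULL_INDICATOR = -1;

// A cell as the (simulated) driver reports it. Constructed for this example.
struct CellFromDriver {
    bool is_null;
    std::string text;  // only meaningful when is_null is false
};

// Simulated fetch of one STRING cell into a reusable buffer. On NULL only the
// indicator is set; the buffer keeps whatever bytes it held before.
static void fetch_into(const CellFromDriver& cell, char* buf, std::size_t buflen,
                       long* indicator) {
    if (cell.is_null) {
        *indicator = NULL_INDICATOR;
        return;  // buffer deliberately untouched, as a real driver leaves it
    }
    std::size_t n = std::min(cell.text.size(), buflen - 1);
    std::memcpy(buf, cell.text.data(), n);
    buf[n] = '\0';
    *indicator = static_cast<long>(n);
}

// Unsafe reader: trusts the buffer without consulting the indicator, so a NULL
// cell yields stale bytes from the previous row. With an uninitialised buffer
// this is arbitrary process memory, and with no terminator present the read
// runs off the end of the buffer (the "print memory, then crash" pattern).
static std::string sample_unchecked(const char* buf, long /*indicator*/) {
    return std::string(buf);
}

// Hardened reader: the indicator decides NULL-ness and bounds the copy.
static std::string sample_checked(const char* buf, long indicator) {
    if (indicator == NULL_INDICATOR) return "<NULL>";
    return std::string(buf, static_cast<std::size_t>(indicator));
}

struct SampleResult {
    std::vector<std::string> unchecked;
    std::vector<std::string> checked;
};

// Samples a column row by row with both readers, reusing one buffer the way a
// fetch loop does. The buffer is zeroed once so the demo stays deterministic.
static SampleResult sample_column(const std::vector<CellFromDriver>& rows) {
    char buf[64];
    std::memset(buf, 0, sizeof buf);
    long ind = 0;
    SampleResult r;
    for (const CellFromDriver& cell : rows) {
        fetch_into(cell, buf, sizeof buf, &ind);
        r.unchecked.push_back(sample_unchecked(buf, ind));
        r.checked.push_back(sample_checked(buf, ind));
    }
    return r;
}

// Constructed sample: a non-NULL row, a NULL row, then another non-NULL row.
static SampleResult demo_result() {
    return sample_column({{false, "patient-42"}, {true, ""}, {false, "ok"}});
}

int main() {
    SampleResult r = demo_result();
    for (std::size_t i = 0; i < r.checked.size(); ++i)
        std::printf("row %zu: unchecked=%s checked=%s\n", i,
                    r.unchecked[i].c_str(), r.checked[i].c_str());
    return 0;
}
```

The second row is where the two readers diverge: the unchecked reader reports the first row's value as if it were the NULL row's content, which is exactly the kind of cross-row disclosure an access-control system cannot see, because the bytes never pass through a permission check.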
Mitigations
Users of the affected versions are advised to upgrade to a fixed version. If they are unable to upgrade immediately, they should consider the following mitigations:
Revoke write privileges over the data source list (preventing users from connecting new ODBC data sources) from all non-administrator users.
Revoke read privileges over any existing ODBC data sources from all non-administrator users.
Affected Versions
This issue affects RDFox versions v7.4, v7.4a, v7.4b, v7.5 and v7.5a.
Resolution
This issue is fixed in patch releases v7.5b and v7.4c. Users of the affected versions are advised to upgrade to a fixed version as soon as possible to prevent exploitation of this issue. Upgrading to a patched version provides protection from this issue immediately without need for further action.
CVSS Score
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N – 5.9 (Medium)
RD-2389 - 6.0 (Medium)
RDFox’s access control system allows administrators to specify which named
graphs each agent is allowed to read and write. In the versions affected by
this bug, authorization checks were not performed when RDFox’s syntax
extensions for accessing tuple tables (see Section 9.4)
were used to query the Quads tuple table where RDFox stores all named graph
facts. This would allow an attacker to read triples in any named graph even
while authenticated as an agent with no named graph access privileges.
Note that this bug affected only reading from named graphs: authorization
checks for writing to named graphs were performed correctly. Note also that, in
order to exploit this vulnerability, an agent must hold a read privilege over the
Quads tuple table.
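An added illustration (not RDFox's code) of the design point behind this advisory: a store with two read paths, a named-graph query and a direct read of the table that holds every named-graph fact, where in the pre-fix variant only the first path consults the per-graph permissions. QuadStore, Quad, the agent names and the sample quads are this example's own; read_quads_table_unfixed grants access on the table privilege alone, read_quads_table_fixed applies the same graph check on both paths, and revoke_quads_table_read is the interim mitigation stated above.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// One fact in a named graph. Constructed for this example.
struct Quad {
    std::string s, p, o, g;
};

// A toy store with the two access paths the advisory contrasts: a named-graph
// query, and a direct read of the table holding every named-graph fact.
struct QuadStore {
    std::vector<Quad> quads;
    // agent -> named graphs that agent may read
    std::map<std::string, std::set<std::string>> graph_readers;
    // agents holding a read privilege over the "Quads" tuple table itself
    std::set<std::string> quads_table_readers;

    bool may_read_graph(const std::string& agent, const std::string& g) const {
        auto it = graph_readers.find(agent);
        return it != graph_readers.end() && it->second.count(g) > 0;
    }

    // Path 1: query a named graph. Authorised in all versions.
    std::vector<Quad> read_graph(const std::string& agent, const std::string& g) const {
        std::vector<Quad> out;
        if (!may_read_graph(agent, g)) return out;
        for (const Quad& q : quads)
            if (q.g == g) out.push_back(q);
        return out;
    }

    // Path 2, pre-fix behaviour: the table privilege is the only gate, so an
    // agent with no named-graph privileges still sees every quad.
    std::vector<Quad> read_quads_table_unfixed(const std::string& agent) const {
        if (!quads_table_readers.count(agent)) return {};
        return quads;
    }

    // Path 2, fixed behaviour: the table privilege is still required, and each
    // quad is additionally filtered by the same named-graph check as path 1.
    std::vector<Quad> read_quads_table_fixed(const std::string& agent) const {
        std::vector<Quad> out;
        if (!quads_table_readers.count(agent)) return out;
        for (const Quad& q : quads)
            if (may_read_graph(agent, q.g)) out.push_back(q);
        return out;
    }

    // The advisory's interim mitigation: withdraw the table privilege from an
    // agent who must not see every graph.
    void revoke_quads_table_read(const std::string& agent) {
        quads_table_readers.erase(agent);
    }
};

// Constructed store: two graphs; alice may read only "g1", bob may read none;
// both hold the Quads table privilege (the vulnerable configuration).
static QuadStore demo_store() {
    QuadStore st;
    st.quads = {{"ex:a", "ex:p", "ex:b", "g1"},
                {"ex:c", "ex:p", "ex:d", "g2"},
                {"ex:e", "ex:p", "ex:f", "g2"}};
    st.graph_readers["alice"] = {"g1"};
    st.quads_table_readers = {"alice", "bob"};
    return st;
}

// Quads the table path exposes to an agent: before the fix, after the fix,
// and before the fix with the mitigation applied.
struct Exposure {
    std::size_t unfixed, fixed, mitigated;
};

static Exposure exposure(const std::string& agent) {
    QuadStore st = demo_store();
    Exposure e;
    e.unfixed = st.read_quads_table_unfixed(agent).size();
    e.fixed = st.read_quads_table_fixed(agent).size();
    st.revoke_quads_table_read(agent);
    e.mitigated = st.read_quads_table_unfixed(agent).size();
    return e;
}

int main() {
    for (const char* agent : {"alice", "bob"}) {
        Exposure e = exposure(agent);
        std::printf("%s: unfixed=%zu fixed=%zu mitigated=%zu\n", agent,
                    e.unfixed, e.fixed, e.mitigated);
    }
    return 0;
}
```

The lesson is that a privilege on the storage object (the table) and a privilege on the logical object (the graph) are different decisions, and every path that reaches the same facts must evaluate both; the mitigation works because it removes the only privilege the unfixed path checks.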
Mitigations
As an interim measure to secure sensitive data, administrators can revoke read
privileges over the Quads tuple table from any user who should not have
access to all named graphs, until they can upgrade to a fixed version.
Affected Versions
This issue affects all versions from 6.1 to 7.2d inclusive, 7.3 to 7.3d inclusive, and 7.4.
Resolution
This issue is fixed in patch releases v7.2e, v7.3e, and v7.4a. Users of the affected versions are advised to upgrade to a fixed version as soon as possible to prevent exploitation of this issue. Upgrading to a patched version provides protection from this issue immediately without need for further action.
CVSS Score
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N – 6.0 (Medium)
RD-2210 - 2.3 (Low)
A logic error in the SKOLEM built-in tuple table could allow a remotely authenticated attacker to capture the content of memory allocated for construction of a SKOLEM blank node identifier into the identifier itself. This corrupts the system and, if the identifiers are formatted in query responses, may lead to unauthorized disclosure of information depending on what data was previously stored in the allocated memory.
To exploit this issue, one or more IRIs whose length excluding the final segment is a multiple of 3 must be stored in the data store. An attacker with write privileges could establish this condition and could also add the incorrect identifiers back into the dictionary to be harvested at a later date using rules or SPARQL updates. Once the necessary IRIs or any faulty SKOLEM identifiers are present in the dictionary, an attacker with read privileges could read them by querying.
Mitigations
There are no advised mitigations for this issue. Please see the resolution section below.
Affected Versions
This issue affects versions v7.3, v7.3a, and v7.3c.
Resolution
This issue is fixed in v7.3d and later versions. Users of one of the affected versions are advised to upgrade to a fixed version as soon as possible to prevent new exploitation of this issue. After upgrading, they should also follow the v7.3d upgrade instructions to ensure that their system is free of any incorrect SKOLEM identifiers created by this issue.
CVSS Score
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N – 2.3 (Low)
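As an added example that is not part of the advisories or of RDFox's own tooling, a checker that maps an installed RDFox version string to the advisories on this page whose affected ranges contain it. It encodes the version scheme used above (major.minor plus an optional patch letter) so that 7.2d sorts before 7.2e and 7.2e before 7.3. The ranges are transcribed exactly as the three advisories state them, including the fact that RD-2210 lists v7.3, v7.3a and v7.3c but not v7.3b; the function knows nothing beyond this page, and parse_version, rdfox_advisories and affecting are this example's own names.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// RDFox-style version "7.2d" as (major, minor, patch), with the base release as
// patch 0 and letters a, b, c, ... as 1, 2, 3, ..., so that 7.2d < 7.2e < 7.3.
struct Version {
    int major, minor, patch;
};

static bool operator<(const Version& a, const Version& b) {
    if (a.major != b.major) return a.major < b.major;
    if (a.minor != b.minor) return a.minor < b.minor;
    return a.patch < b.patch;
}
static bool operator<=(const Version& a, const Version& b) { return !(b < a); }

static bool all_digits(const std::string& s, std::size_t from, std::size_t to) {
    if (from >= to) return false;
    for (std::size_t k = from; k < to; ++k)
        if (!std::isdigit(static_cast<unsigned char>(s[k]))) return false;
    return true;
}

// Accepts "7.2d", "v7.2d" and "7.3"; rejects anything else rather than guessing.
static Version parse_version(std::string s) {
    if (!s.empty() && (s[0] == 'v' || s[0] == 'V')) s.erase(0, 1);
    std::size_t dot = s.find('.');
    if (dot == std::string::npos || !all_digits(s, 0, dot))
        throw std::invalid_argument("bad major version: " + s);
    std::size_t j = dot + 1;
    while (j < s.size() && std::isdigit(static_cast<unsigned char>(s[j]))) ++j;
    if (!all_digits(s, dot + 1, j))
        throw std::invalid_argument("bad minor version: " + s);
    Version v{std::stoi(s.substr(0, dot)), std::stoi(s.substr(dot + 1, j - dot - 1)), 0};
    if (j < s.size()) {
        if (j + 1 != s.size() || !std::islower(static_cast<unsigned char>(s[j])))
            throw std::invalid_argument("bad patch suffix: " + s);
        v.patch = s[j] - 'a' + 1;
    }
    return v;
}

struct Range {
    Version lo, hi;  // inclusive
};

struct Advisory {
    std::string id;
    std::vector<Range> affected;
    std::string fixed_in;
};

// Affected ranges transcribed from the advisories on this page, in page order.
static const std::vector<Advisory>& rdfox_advisories() {
    static const std::vector<Advisory> table = {
        {"RD-2486", {{{7, 4, 0}, {7, 4, 2}}, {{7, 5, 0}, {7, 5, 1}}}, "v7.4c / v7.5b"},
        {"RD-2389", {{{6, 1, 0}, {7, 2, 4}}, {{7, 3, 0}, {7, 3, 4}}, {{7, 4, 0}, {7, 4, 0}}},
         "v7.2e / v7.3e / v7.4a"},
        {"RD-2210", {{{7, 3, 0}, {7, 3, 1}}, {{7, 3, 3}, {7, 3, 3}}}, "v7.3d"},
    };
    return table;
}

// Ids of the advisories whose affected ranges contain the given version.
static std::vector<std::string> affecting(const std::string& version) {
    Version v = parse_version(version);
    std::vector<std::string> out;
    for (const Advisory& a : rdfox_advisories())
        for (const Range& r : a.affected)
            if (r.lo <= v && v <= r.hi) { out.push_back(a.id); break; }
    return out;
}

int main(int argc, char** argv) {
    std::string v = argc > 1 ? argv[1] : "7.3c";
    for (const std::string& id : affecting(v))
        std::printf("%s affects %s\n", id.c_str(), v.c_str());
    return 0;
}
```

Run it with the installed version as the only argument; an empty result means none of the three advisories above lists that version, nothing more, so versions newer than those named here should still be checked against the vendor's current advisories.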