Protocol fuzzing to find security vulnerabilities of RabbitMQ

被引:3
|
作者
Kwon, Soonhong [1 ]
Son, Sang-Jin [2 ]
Choi, Yangseo [3 ]
Lee, Jong-Hyouk [1 ]
机构
[1] Sejong Univ, Protocol Engn Lab, Seoul, South Korea
[2] FADU, Seoul, South Korea
[3] Elect & Telecommun Res Inst, Daejeon, South Korea
来源
CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE | 2021年 / 33卷 / 23期
基金
新加坡国家研究基金会;
关键词
MQTT; protocol fuzzing; RabbitMQ; vulnerability;
D O I
10.1002/cpe.6012
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
A message broker is widely used to enable applications, systems, and services to communicate with each other. One of the widely used message brokers is RabbitMQ that provides various functions and stability. However, as presented in this paper, RabbitMQ is vulnerable. In this paper, we present how RabbitMQ is exploited by protocol fuzzing, which is a common way to find unknown vulnerabilities inherent in software. We describe our protocol fuzzing procedures in detail and present conducted results.
引用
收藏
页数:14
相关论文
共 50 条
  • [1] The Appilication of Fuzzing in Web software security vulnerabilities Test
    Li, Li
    Dong, Qiu
    Liu, Dan
    Zhu, Leilei
    [J]. 2013 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS (ITA), 2013, : 130 - 133
  • [2] Fuzzing Malicious Driving Behavior to find Vulnerabilities in Collision Avoidance Systems
    Salgado, Ivan F.
    Quijano, Nicanor
    Fremont, Daniel J.
    Cardenas, Alvaro A.
    [J]. 7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022), 2022, : 368 - 375
  • [3] Fuzzing Wi-Fi drivers to locate security vulnerabilities
    Mendonca, Manuel
    Neves, Nuno Ferreira
    [J]. HASE 2007: 10TH IEEE HIGH ASSURANCE SYSTEMS ENGINEERING SYMPOSIUM, PROCEEDINGS, 2007, : 379 - 380
  • [4] Fuzzing Wi-Fi drivers to locate security vulnerabilities
    Mendonca, Manuel
    Neves, Nuno
    [J]. EDCC-7: SEVENTH EUROPEAN DEPENDABLE COMPUTING CONFERENCE, PROCEEDINGS, 2008, : 110 - 119
  • [5] Fuzzing proprietary protocols of programmable controllers to find vulnerabilities that affect physical control
    Liu, Puzhuo
    Zheng, Yaowen
    Song, Zhanwei
    Fang, Dongliang
    Lv, Shichao
    Sun, Limin
    [J]. JOURNAL OF SYSTEMS ARCHITECTURE, 2022, 127
  • [6] Analysis of the DoIP Protocol for Security Vulnerabilities
    Wachter, Patrick
    Kleber, Stephan
    [J]. PROCEEDINGS OF 6TH ACM COMPUTER SCIENCE IN CARS SYMPOSIUM, CSCS 2022, 2022,
  • [7] Approaches to find vulnerabilities and security in the digital production networks
    Parfenov, Denis
    Zabrodina, Lubov
    Torchin, Vadim
    Parfenov, Anton
    [J]. INTERNATIONAL SCIENTIFIC CONFERENCE ON APPLIED PHYSICS, INFORMATION TECHNOLOGIES AND ENGINEERING (APITECH-2019), 2019, 1399
  • [8] Security issues and vulnerabilities of the SNMP protocol
    Chatzimisios, P
    [J]. 2004 1st International Conference on Electrical and Electronics Engineering (ICEEE), 2004, : 74 - 77
  • [9] Fuzzing LibraryOSes for Iago vulnerabilities
    Dyachkov, Leonid
    Orenbach, Meni
    Silberstien, Mark
    [J]. PROCEEDINGS OF THE 16TH ACM INTERNATIONAL SYSTEMS AND STORAGE CONFERENCE, SYSTOR 2023, 2023, : 151 - 151
  • [10] An Overview of the EMV Protocol and Its Security Vulnerabilities
    El Madhoun, Nour
    Bertin, Emmanuel
    Pujolle, Guy
    [J]. PROCEEDINGS OF THE 2018 FOURTH INTERNATIONAL CONFERENCE ON MOBILE AND SECURE SERVICES (MOBISECSERV), 2018,
12345