🚨Tailscale Flaws Let Attackers Pin CPU Cores and Bypass ACLs
Attackers can now pin your Tailscale node's CPU cores
TL;DR
A new vulnerability in Tailscale lets attackers send a malformed HTTP request to permanently consume one CPU core on the target node. Upgrading to version 1.98.9 fixes this issue, along with several other security flaws.
Tailscale just exposed a critical flaw that allows attackers to pin a CPU core indefinitely by sending a single malformed HTTP request. The server doesn't enforce timeouts for these requests, causing an infinite loop and consuming one CPU core. This affects all nodes running Tailscale Serve or Funnel on versions prior to 1.98.9. Upgrading to the latest version is crucial as it fixes this issue along with several other security vulnerabilities, including ACL bypasses in SSH and Unix socket forwarding.

Key Points
A single malformed HTTP request can permanently consume one CPU core on affected nodes (CVE-2023-4756).
Tailscale Serve and Funnel versions prior to 1.98.9 are vulnerable, but upgrading fixes the issue.
Insecure command line argument handling in Tailscale SSH permitted root user access via usernames starting with -i (CVE-2023-4758).
Insufficient inbound packet filtering allowed access to loopback-bound listeners on non-advertised ports (CVE-2023-4761).
Tailscale SSH Unix socket forwarding did not respect symlink permissions, allowing privileged socket access (CVE-2023-4765)
Why It Matters
If you're running Tailscale Serve or Funnel on versions prior to 1.98.9, your nodes are at risk of having their CPU cores pinned by attackers. Upgrading to the latest version is crucial as it fixes this and several other security vulnerabilities that could lead to ACL bypasses and root access.
Frequently Asked Questions
Why does this matter?
If you're running Tailscale Serve or Funnel on versions prior to 1.98.9, your nodes are at risk of having their CPU cores pinned by attackers. Upgrading to the latest version is crucial as it fixes this and several other security vulnerabilities that could lead to ACL bypasses and root access.
What happened?
A new vulnerability in Tailscale lets attackers send a malformed HTTP request to permanently consume one CPU core on the target node. Upgrading to version 1.98.9 fixes this issue, along with several other security flaws.
Comments
Be the first to comment
Enjoyed this article?
Get it daily. 7am. Free. Reads in 5 minutes.
Join 2,074 builders reading daily.