Bug 1169008 (CVE-2014-4883) - CVE-2014-4883 xen: embedded lwIP's DNS resolver does not randomize ID fields or source ports of DNS query packets
Status: NEW
Alias: CVE-2014-4883
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140915,repor...
Keywords: Security
Depends On: 1169009
Blocks:
Reported: 2014-11-28 20:40 UTC by Vincent Danen
Modified: 2014-11-28 20:44 UTC

Description Vincent Danen 2014-11-28 20:40:50 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4883 to
the following vulnerability:

Name: CVE-2014-4883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4883
Assigned: 20140710
Reference: http://git.savannah.gnu.org/cgit/lwip.git/commit/?h=DEVEL-1_4_1&id=9fb46e120655ac481b2af8f865d5ae56c39b831a
Reference: CERT-VN:VU#210620
Reference: http://www.kb.cert.org/vuls/id/210620

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in
lwIP 1.4.1 and earlier, does not use random values for ID fields and
source ports of DNS query packets, which makes it easier for
man-in-the-middle attackers to conduct cache-poisoning attacks via
spoofed reply packets.


NOTE: Xen as shipped with Fedora contains an embedded copy of lwip.  It's not known for certain whether the affected functionality affects Xen, however.
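
The weakness described above can be checked from the defender's side by looking at what a resolver actually sends. The following C program is an added example, not code from lwIP, uIP, Xen or this bug report: it reads the DNS ID and UDP source port of a series of observed queries and flags a fixed source port or IDs that advance by a constant step. The names `dns_query`, `audit_queries` and the `WEAK_*` flags are hypothetical, and both sample captures are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WEAK_FIXED_PORT 1 /* every query used the same UDP source port */
#define WEAK_STRIDE_ID  2 /* IDs advance by one constant step (0, +1, ...) */

/* One observed outgoing query: source port plus the first DNS bytes. */
struct dns_query { uint16_t sport; size_t len; uint8_t payload[12]; };

/* The DNS header is 12 bytes; the ID is its first 16 bits, big-endian. */
static int dns_txid(const uint8_t *p, size_t len)
{
    return len < 12 ? -1 : (p[0] << 8) | p[1];
}

/* Returns WEAK_* flags for n queries; -1 if n < 4 or a packet is short. */
int audit_queries(const struct dns_query *q, size_t n)
{
    int flags = WEAK_FIXED_PORT | WEAK_STRIDE_ID, prev, cur;
    uint16_t stride = 0;
    if (n < 4 || (prev = dns_txid(q[0].payload, q[0].len)) < 0)
        return -1;
    for (size_t i = 1; i < n; i++) {
        if ((cur = dns_txid(q[i].payload, q[i].len)) < 0)
            return -1;
        uint16_t d = (uint16_t)(cur - prev); /* modulo 2^16: survives wrap */
        if (i == 1)
            stride = d;
        else if (d != stride)
            flags &= ~WEAK_STRIDE_ID;
        if (q[i].sport != q[0].sport)
            flags &= ~WEAK_FIXED_PORT;
        prev = cur;
    }
    return flags;
}

/* Constructed samples, header bytes only: ID, flags (RD), QDCOUNT = 1. */
#define Q(port, hi, lo) { port, 12, { hi, lo, 0x01, 0x00, 0x00, 0x01 } }
static const struct dns_query weak_sample[] = {
    Q(49152, 0xff, 0xfe), Q(49152, 0xff, 0xff), Q(49152, 0x00, 0x00), Q(49152, 0x00, 0x01) };
static const struct dns_query good_sample[] = {
    Q(50313, 0x9c, 0x41), Q(61022, 0x13, 0xe7), Q(33960, 0xf0, 0x0a), Q(47811, 0x5b, 0x92) };

int main(void)
{
    return printf("weak=%d good=%d\n", audit_queries(weak_sample, 4), audit_queries(good_sample, 4)) < 0;
}
```

A result of 0 only means these two simple patterns were absent from the sample; it does not show that the ID or port generator is cryptographically unpredictable.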

Comment 1 Vincent Danen 2014-11-28 20:44:35 UTC
Looking at xen-4.3.3/stubdom/lwip/src/core/dns.c the code is quite a bit different (note this is lwip-1.3.0) and it doesn't seem to even make an attempt at randomization in any way so the patch noted above may not be sufficient.

I am going to file a Fedora tracking bug for this; the Xen developer will know best whether or not this is something that concerns Xen at all.

Comment 2 Vincent Danen 2014-11-28 20:44:53 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1169009]

