Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4883 to the following vulnerability: Name: CVE-2014-4883 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4883 Assigned: 20140710 Reference: http://git.savannah.gnu.org/cgit/lwip.git/commit/?h=DEVEL-1_4_1&id=9fb46e120655ac481b2af8f865d5ae56c39b831a Reference: CERT-VN:VU#210620 Reference: http://www.kb.cert.org/vuls/id/210620 resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. NOTE: Xen as shipped with Fedora contains an embedded copy of lwip. It's not known for certain whether the affected functionality affects Xen, however.
Looking at xen-4.3.3/stubdom/lwip/src/core/dns.c the code is quite a bit different (note this is lwip-1.3.0) and it doesn't seem to even make an attempt at randomization in any way so the patch noted above may not be sufficient. I am going to file a Fedora tracking bug for this; the Xen developer will know best whether or not this is something that concerns Xen at all.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1169009]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.