Bug 1169008 (CVE-2014-4883) - CVE-2014-4883 xen: embedded lwIP's DNS resolver does not randomize ID fields or source ports of DNS query packets
Summary: CVE-2014-4883 xen: embedded lwIP's DNS resolver does not randomize ID fields ...
Alias: CVE-2014-4883
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1169009
TreeView+ depends on / blocked
Reported: 2014-11-28 20:40 UTC by Vincent Danen
Modified: 2019-09-29 13:24 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2019-06-08 02:36:40 UTC

Attachments (Terms of Use)

Description Vincent Danen 2014-11-28 20:40:50 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4883 to
the following vulnerability:

Name: CVE-2014-4883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4883
Assigned: 20140710
Reference: http://git.savannah.gnu.org/cgit/lwip.git/commit/?h=DEVEL-1_4_1&id=9fb46e120655ac481b2af8f865d5ae56c39b831a
Reference: CERT-VN:VU#210620
Reference: http://www.kb.cert.org/vuls/id/210620

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in
lwIP 1.4.1 and earlier, does not use random values for ID fields and
source ports of DNS query packets, which makes it easier for
man-in-the-middle attackers to conduct cache-poisoning attacks via
spoofed reply packets.

NOTE: Xen as shipped with Fedora contains an embedded copy of lwip.  It's not known for certain whether the affected functionality affects Xen, however.

Comment 1 Vincent Danen 2014-11-28 20:44:35 UTC
Looking at xen-4.3.3/stubdom/lwip/src/core/dns.c the code is quite a bit different (note this is lwip-1.3.0) and it doesn't seem to even make an attempt at randomization in any way so the patch noted above may not be sufficient.

I am going to file a Fedora tracking bug for this; the Xen developer will know best whether or not this is something that concerns Xen at all.

Comment 2 Vincent Danen 2014-11-28 20:44:53 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1169009]

Comment 3 Product Security DevOps Team 2019-06-08 02:36:40 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.