This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1288070 - Suspected security vulnerability in sun.nio.ch.PipeImpl
Suspected security vulnerability in sun.nio.ch.PipeImpl
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: java-1.8.0-openjdk (Show other bugs)
rawhide
All Windows
unspecified Severity unspecified
: ---
: ---
Assigned To: Deepak Bhole
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-03 07:40 EST by Matthias-Christian Ott
Modified: 2015-12-03 15:19 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-03 15:19:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthias-Christian Ott 2015-12-03 07:40:59 EST
sun.nio.ch.PipeImpl creates a TCP/IP socket pair and binds socket sc2 an ephemeral port on 127.0.0.1. It then generates a 64-bit random number with an insecure random number generator, connects from sc1 to sc2 and sends the generated number. If the received number matches the sent number, the connection is established. Otherwise a new random number is generated and the process is repeated until the numbers match.

On most operating systems there is no access control for loopback TCP/IP connections (in their default configuration), so an attacker can submit their own guess of the random number by exploiting a race condition. This would at most require 2^64 attempts (the usual speed-ups apply). Moreover, the attack can be significantly accelerated by the fact the random number generator is partially predictable. If CryptGenRandom fails on Microsoft Windows, the seed for the random number generator is java.lang.System#nanoTime and the number of invocations of java.util.Random. Both values can be estimated by the attacker by observing the use of system resources. Otherwise the seed of the random number generator is 64-bit.
Comment 4 Deepak Bhole 2015-12-03 15:19:01 EST
Hello, thank you for reporting this issue. Red Hat only supports OpenJDK on Linux at this time, and this issue appears to affect Windows specifically.

Please report this issue to Oracle directly as they maintain OpenJDK on Windows actively: 

https://www.oracle.com/support/assurance/vulnerability-remediation/reporting-security-vulnerabilities.html

Closing issue here.

Note You need to log in before you can comment on or make changes to this bug.