Bug 454566 - kernel: randomize udp port allocation
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,source=cert,reported...
Depends On: 454567 454568 454569 454570 454571 454572 454961 458325
Blocks: CVE-2008-1447
Reported: 2008-07-08 22:03 EDT by Eugene Teo (Security Response)
Modified: 2015-09-02 13:43 EDT (History)

Doc Type: Bug Fix
Last Closed: 2015-09-02 13:43:36 EDT


Attachments
Proposed backported patch for RHEL-4.8 (6.58 KB, patch) - 2008-07-09 10:27 EDT, Eugene Teo (Security Response)
Proposed backported patch for RHEL-5.3 (6.09 KB, patch) - 2008-07-09 10:28 EDT, Eugene Teo (Security Response)
Proposed backported patch for RHEL-2.1 (6.91 KB, patch) - 2008-07-09 22:28 EDT, Eugene Teo (Security Response)
Proposed backported patch for RHEL-3.9 (7.02 KB, patch) - 2008-07-09 22:29 EDT, Eugene Teo (Security Response)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0650 normal SHIPPED_LIVE kernel bug fix update 2008-08-04 15:00:20 EDT
Red Hat Product Errata RHSA-2008:0612 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-08-06 10:46:27 EDT
Description Eugene Teo (Security Response) 2008-07-08 22:03:49 EDT
The Linux kernel 2.6.24 implements random source ports for UDP (where none is
specified by the application). However, we do not ship a kernel that implements
UDP port randomization in Red Hat Enterprise Linux 2.1, 3, 4, or 5.

This bug is created to make sure that we backport a kernel patch that would
cause UDP port allocation to be randomized like TCP.
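As an added example (not part of the bug report or its patches): a Python check a defender can run to see whether the running kernel hands out randomized UDP source ports when an application binds port 0. It assumes IPv4 loopback is available; the sequential-versus-randomized heuristic and its thresholds are my own, not taken from the kernel patch.

```python
import socket
from statistics import pstdev


def bind_ephemeral_udp_ports(count=32):
    """Bind `count` UDP sockets to port 0 and return the ports the kernel chose.

    Port 0 means "no port specified by the application", which is exactly the
    case the 2.6.24 randomization covers.  Sockets stay open until all are
    bound so the kernel cannot hand the same port back.
    """
    socks, ports = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind(("127.0.0.1", 0))
            socks.append(s)
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


def looks_sequential(ports, max_gap=2):
    """True when every allocation is a small upward step from the previous one,
    the signature of an allocator that walks the ephemeral range in order
    rather than picking randomly.  `max_gap` tolerates ports skipped because
    they were already in use (heuristic threshold, constructed for this check)."""
    if len(ports) < 3:
        return False
    steps = [b - a for a, b in zip(ports, ports[1:])]
    return all(0 < step <= max_gap for step in steps)


def ephemeral_port_spread(ports):
    """Population standard deviation of the sample: a randomized allocator over
    a range tens of thousands wide yields values in the thousands, a sequential
    one yields a handful."""
    return pstdev(ports)


def classify_allocation(ports, max_gap=2):
    """Label a sample of kernel-chosen UDP ports as 'sequential' or 'randomized'."""
    return "sequential" if looks_sequential(ports, max_gap) else "randomized"


if __name__ == "__main__":
    sample = bind_ephemeral_udp_ports()
    print("ports:", sample)
    print("spread: %.0f  verdict: %s" % (ephemeral_port_spread(sample),
                                         classify_allocation(sample)))
```

A "sequential" verdict on a kernel that claims the backport means the check, not the patch, deserves a second look: the heuristic is only a coarse indicator, not a proof of entropy.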
Comment 4 Eugene Teo (Security Response) 2008-07-08 22:15:08 EDT
Created attachment 311337 [details]
Upstream patch for this issue
Comment 6 Mark J. Cox 2008-07-09 02:37:10 EDT
Implementing this would mitigate CVE-2008-1447 as applied to the glibc stub
resolver.
Comment 8 Eugene Teo (Security Response) 2008-07-09 10:27:08 EDT
Created attachment 311378 [details]
Proposed backported patch for RHEL-4.8
Comment 9 Eugene Teo (Security Response) 2008-07-09 10:28:09 EDT
Created attachment 311379 [details]
Proposed backported patch for RHEL-5.3
Comment 10 Eugene Teo (Security Response) 2008-07-09 22:28:11 EDT
Created attachment 311434 [details]
Proposed backported patch for RHEL-2.1
Comment 11 Eugene Teo (Security Response) 2008-07-09 22:29:09 EDT
Created attachment 311435 [details]
Proposed backported patch for RHEL-3.9
Comment 13 Mark J. Cox 2008-08-04 13:40:23 EDT
Whilst we're providing updates for Red Hat Enterprise Linux 4 and 5 to backport this functionality we have not labeled them as a security fix because they're only a partial help towards mitigation.  The glibc stub resolver is not a recursive resolver and therefore is not affected directly by the recent DNS exploits (which rely on a caching recursive resolver).  Different attacks against stub resolvers may still be possible, but for the most part an attacker would need to be on a local network and would be likely to be able to perform other attacks more easily.