Bug 454566 - kernel: randomize udp port allocation
Summary: kernel: randomize udp port allocation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 454567 454568 454569 454570 454571 454572 454961 458325
Blocks: CVE-2008-1447
TreeView+ depends on / blocked
 
Reported: 2008-07-09 02:03 UTC by Eugene Teo (Security Response)
Modified: 2019-09-29 12:25 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-09-02 17:43:36 UTC
Embargoed:

Attachments (Terms of Use)
Proposed backported patch for RHEL-4.8 (6.58 KB, patch)
2008-07-09 14:27 UTC, Eugene Teo (Security Response) 		no flags Details | Diff
Proposed backported patch for RHEL-5.3 (6.09 KB, patch)
2008-07-09 14:28 UTC, Eugene Teo (Security Response) 		no flags Details | Diff
Proposed backported patch for RHEL-2.1 (6.91 KB, patch)
2008-07-10 02:28 UTC, Eugene Teo (Security Response) 		no flags Details | Diff
Proposed backported patch for RHEL-3.9 (7.02 KB, patch)
2008-07-10 02:29 UTC, Eugene Teo (Security Response) 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0650 0 normal SHIPPED_LIVE kernel bug fix update 2008-08-04 19:00:20 UTC
Red Hat Product Errata RHSA-2008:0612 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-08-06 14:46:27 UTC

Description Eugene Teo (Security Response) 2008-07-09 02:03:49 UTC 
The Linux kernel 2.6.24 implements random source ports for UDP (where none is
specified by the application). However, we do not ship a kernel that implements
UDP port randomization in Red Hat Enterprise Linux 2.1, 3, 4, or 5.

This bug is created to make sure that we backport a kernel patch that would
cause UDP port allocation to be randomized like TCP.
Comment 1 Eugene Teo (Security Response) 2008-07-09 02:05:21 UTC 
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=32c1da70810017a98aa6c431a5494a302b6b9a30
Comment 4 Eugene Teo (Security Response) 2008-07-09 02:15:08 UTC 
Created attachment 311337 [details]
Upstream patch for this issue
Comment 6 Mark J. Cox 2008-07-09 06:37:10 UTC 
Implementing this would mitigate CVE-2008-1447 as applied to the glibc stub
resolver.
Comment 8 Eugene Teo (Security Response) 2008-07-09 14:27:08 UTC 
Created attachment 311378 [details]
Proposed backported patch for RHEL-4.8
Comment 9 Eugene Teo (Security Response) 2008-07-09 14:28:09 UTC 
Created attachment 311379 [details]
Proposed backported patch for RHEL-5.3
Comment 10 Eugene Teo (Security Response) 2008-07-10 02:28:11 UTC 
Created attachment 311434 [details]
Proposed backported patch for RHEL-2.1
Comment 11 Eugene Teo (Security Response) 2008-07-10 02:29:09 UTC 
Created attachment 311435 [details]
Proposed backported patch for RHEL-3.9
Comment 13 Mark J. Cox 2008-08-04 17:40:23 UTC 
Whilst we're providing updates for Red Hat Enterprise Linux 4 and 5 to backport this functionality we have not labeled them as a security fix because they're only a partial help towards mitigation.  The glibc stub resolver is not a recursive resolver and therefore is not affected directly by the recent DNS exploits (which rely on a caching recursive resolver).  Different attacks against stub resolvers may still be possible, but for the most part an attacker would need to be on a local network and would be likely to be able to perform other attacks more easily.
Note You need to log in before you can comment on or make changes to this bug.