Bug 454566 - kernel: randomize udp port allocation
Summary: kernel: randomize udp port allocation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 454567 454568 454569 454570 454571 454572 454961 458325
Blocks: CVE-2008-1447
Reported: 2008-07-09 02:03 UTC by Eugene Teo (Security Response)
Modified: 2019-09-29 12:25 UTC (History)
CC List: 7 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-09-02 17:43:36 UTC
Embargoed:


Attachments
Proposed backported patch for RHEL-4.8 (6.58 KB, patch) - 2008-07-09 14:27 UTC, Eugene Teo (Security Response)
Proposed backported patch for RHEL-5.3 (6.09 KB, patch) - 2008-07-09 14:28 UTC, Eugene Teo (Security Response)
Proposed backported patch for RHEL-2.1 (6.91 KB, patch) - 2008-07-10 02:28 UTC, Eugene Teo (Security Response)
Proposed backported patch for RHEL-3.9 (7.02 KB, patch) - 2008-07-10 02:29 UTC, Eugene Teo (Security Response)


Links
System: Red Hat Product Errata | ID: RHBA-2008:0650 | Private: 0 | Priority: normal | Status: SHIPPED_LIVE | Summary: kernel bug fix update | Last Updated: 2008-08-04 19:00:20 UTC
System: Red Hat Product Errata | ID: RHSA-2008:0612 | Private: 0 | Priority: normal | Status: SHIPPED_LIVE | Summary: Important: kernel security and bug fix update | Last Updated: 2008-08-06 14:46:27 UTC

Description Eugene Teo (Security Response) 2008-07-09 02:03:49 UTC
The Linux kernel 2.6.24 implements random source ports for UDP (where none is
specified by the application). However, we do not ship a kernel that implements
UDP port randomization in Red Hat Enterprise Linux 2.1, 3, 4, or 5.

This bug is created to make sure that we backport a kernel patch that would
cause UDP port allocation to be randomized like TCP.
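The description above distinguishes a kernel that hands out ephemeral UDP source ports from a simple counter (the pre-2.6.24 behaviour being backported away here) from one that randomizes them. The following program is an added example, not part of this bug report or of Red Hat's patches: it binds a batch of UDP sockets to port 0 on loopback, records the ports the running kernel assigned, and reports whether the sequence walks up by one (a counter-style allocator) or jumps around (randomized). The thresholds, the sample size of 64 and the two embedded sample arrays are constructed for illustration and are not measurements from any real host.

```c
/* Added example: check whether the running kernel randomizes the ephemeral
 * UDP source port it chooses when an application binds to port 0.
 * Not taken from the bug report or from Red Hat's backported patches. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define SAMPLES 64   /* assumed batch size; large enough to see a counter walking */

/* Count adjacent samples that differ by exactly +1 (modulo 2^16, so a wrap
 * from 65535 to 0 also counts).  A counter-style allocator yields n-1 such
 * steps; a randomized allocator yields close to zero. */
size_t count_sequential_steps(const uint16_t *ports, size_t n)
{
    size_t steps = 0;
    for (size_t i = 1; i < n; i++)
        if ((uint16_t)(ports[i] - ports[i - 1]) == 1)
            steps++;
    return steps;
}

/* Heuristic: the allocator "looks sequential" when more than half of the
 * observed steps are +1.  Threshold is an assumption of this example. */
int looks_sequential(const uint16_t *ports, size_t n)
{
    if (n < 2)
        return 0;
    return count_sequential_steps(ports, n) * 2 > n - 1;
}

/* Bind up to n UDP sockets to 127.0.0.1:0 and record the port the kernel
 * picked for each.  All sockets stay open until the end so the kernel cannot
 * hand the same port back twice.  Returns how many ports were recorded. */
size_t sample_udp_ports(uint16_t *out, size_t n)
{
    int fds[SAMPLES];
    size_t got = 0;

    for (size_t i = 0; i < n && i < SAMPLES; i++) {
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = 0 };
        socklen_t len = sizeof sa;
        sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

        fds[i] = socket(AF_INET, SOCK_DGRAM, 0);
        if (fds[i] < 0)
            break;
        /* bind() with port 0 is where the kernel's port allocator runs. */
        if (bind(fds[i], (struct sockaddr *)&sa, sizeof sa) < 0 ||
            getsockname(fds[i], (struct sockaddr *)&sa, &len) < 0) {
            close(fds[i]);
            break;
        }
        out[got++] = ntohs(sa.sin_port);
    }
    for (size_t i = 0; i < got; i++)
        close(fds[i]);
    return got;
}

/* Constructed samples (not captured from any real machine) that show the two
 * shapes the heuristic distinguishes: a counter and a randomized allocator. */
static const uint16_t sequential_sample[] = { 32768, 32769, 32770, 32771, 32772 };
static const uint16_t randomized_sample[] = { 41023, 57330, 33801, 60412, 49087 };

int main(void)
{
    uint16_t ports[SAMPLES];
    size_t n = sample_udp_ports(ports, SAMPLES);

    if (n < 2) {
        perror("sampling UDP ports");
        return 1;
    }
    printf("sampled %zu ports, %zu sequential +1 steps: %s\n", n,
           count_sequential_steps(ports, n),
           looks_sequential(ports, n) ? "allocator looks SEQUENTIAL"
                                      : "allocator looks randomized");
    return 0;
}
```

Run it on a RHEL 4 or 5 host before and after the kernel update from this bug to see the difference; on any 2.6.24 or later kernel it should report a randomized allocator. The heuristic is deliberately coarse: it only tells a counter from non-counter behaviour and says nothing about how much entropy the randomized allocator actually provides.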

Comment 4 Eugene Teo (Security Response) 2008-07-09 02:15:08 UTC
Created attachment 311337 [details]
Upstream patch for this issue

Comment 6 Mark J. Cox 2008-07-09 06:37:10 UTC
Implementing this would mitigate CVE-2008-1447 as applied to the glibc stub
resolver.

Comment 8 Eugene Teo (Security Response) 2008-07-09 14:27:08 UTC
Created attachment 311378 [details]
Proposed backported patch for RHEL-4.8

Comment 9 Eugene Teo (Security Response) 2008-07-09 14:28:09 UTC
Created attachment 311379 [details]
Proposed backported patch for RHEL-5.3

Comment 10 Eugene Teo (Security Response) 2008-07-10 02:28:11 UTC
Created attachment 311434 [details]
Proposed backported patch for RHEL-2.1

Comment 11 Eugene Teo (Security Response) 2008-07-10 02:29:09 UTC
Created attachment 311435 [details]
Proposed backported patch for RHEL-3.9

Comment 13 Mark J. Cox 2008-08-04 17:40:23 UTC
Whilst we're providing updates for Red Hat Enterprise Linux 4 and 5 to backport this functionality we have not labeled them as a security fix because they're only a partial help towards mitigation.  The glibc stub resolver is not a recursive resolver and therefore is not affected directly by the recent DNS exploits (which rely on a caching recursive resolver).  Different attacks against stub resolvers may still be possible, but for the most part an attacker would need to be on a local network and would be likely to be able to perform other attacks more easily.

