Executive Summary
Summary | |
---|---|
Title | uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID |
Information | |||
---|---|---|---|
Name | VU#473698 | First vendor Publication | 2022-05-09 |
Vendor | VU-CERT | Last vendor Modification | 2023-04-04 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
Impact Sub Score | 4.2 | Temporal Score | 6.5 |
Exploitability Sub Score | 2.2 | ||
Attack Vector | Network | Attack Complexity | High |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | Low | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Overview

The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predictable DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.

Description

uClibc and uClibc-ng are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng is the currently maintained fork of uClibc, as announced on the OpenWRT mailing list in July 2014.

Researchers at the Nozomi Networks Security Research Team discovered that all existing versions of uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning. These libraries do not employ any randomization in the DNS Transaction ID (DNS TXID) field when creating a new DNS request. This can allow an attacker to send maliciously crafted DNS packets to corrupt the DNS cache with invalid entries and redirect users to arbitrary sites. As uClibc and uClibc-ng are used in devices such as home routers and firewalls, an attacker can perform attacks against multiple users in a shared network environment that relies on DNS responses from the vulnerable device.

The DNS cache poisoning scenarios and defenses are discussed in IETF RFC 5452.

Impact

The lack of DNS response validation can allow an attacker to use unsolicited DNS responses to poison the DNS cache and redirect users to malicious sites.

Solution

Apply a patch

If your vendor has developed a patched version of uClibc or uClibc-ng to address this issue, apply the updates provided by your vendor. uClibc-ng was updated to 1.0.41 on 05/20/2022.

Product Developers

If you have a forked or customized version of uClibc or uClibc-ng, develop or adopt a patch to ensure the

Follow security best practices

Consider the following security best practices to protect DNS infrastructure:

Acknowledgements

Thanks to the Nozomi Networks Security Research Team for this report.

This document was written by Vijay Sarvepalli and Timur Snoke.
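Added example, not part of the CERT advisory or of uClibc: a defender-side check that reads the transaction IDs from DNS queries captured from one device and flags the monotonically increasing pattern described above. The function names, the 0.8 threshold, the step window of 8 and the sample queries are assumptions constructed for illustration.

```python
import struct

def build_query(txid: int, name: str) -> bytes:
    """Build a minimal DNS A query (constructed sample input, RFC 1035 layout)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def query_txid(payload: bytes):
    """Return the transaction ID of a DNS query, or None for non-queries."""
    if len(payload) < 12:          # shorter than a DNS header
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    if flags & 0x8000:             # QR bit set: a response, not a query
        return None
    return txid

def sequential_ratio(txids, max_step=8):
    """Fraction of consecutive TXID pairs whose difference, modulo 2**16, is a
    small positive step (1..max_step). The modulo handles 0xFFFF -> 0 wraparound;
    the step window (an assumed value) tolerates queries missed by the capture."""
    if len(txids) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(txids, txids[1:]) if 1 <= (b - a) % 65536 <= max_step)
    return hits / (len(txids) - 1)

def audit_client(payloads, threshold=0.8, min_queries=5):
    """Classify one client's queries: 'predictable', 'ok' or 'insufficient-data'."""
    txids = [t for t in map(query_txid, payloads) if t is not None]
    if len(txids) < min_queries:
        return "insufficient-data"
    return "predictable" if sequential_ratio(txids) >= threshold else "ok"

# Constructed samples: a counter-style resolver crossing the 16-bit wrap,
# and a resolver whose IDs are scattered across the 16-bit space.
COUNTER_CLIENT = [build_query(t % 65536, "example.com") for t in range(0xFFFC, 0xFFFC + 8)]
SCATTERED_CLIENT = [build_query(t, "example.com")
                    for t in (0x3A91, 0xC004, 0x07EE, 0x91B2, 0x5D13, 0xE860, 0x22F7, 0x7C49)]

if __name__ == "__main__":
    print("counter  :", audit_client(COUNTER_CLIENT))
    print("scattered:", audit_client(SCATTERED_CLIENT))
```

In practice the payloads would come from a packet capture of UDP port 53 traffic sourced from the device under audit, grouped per source address.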
Original Source
Url : https://kb.cert.org/vuls/id/473698 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-330 | Use of Insufficiently Random Values |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 |
Alert History
Date | Information |
---|---|
2023-04-04 17:22:10 | |
2023-02-22 17:22:09 | |
2022-08-29 17:22:01 | |
2022-07-12 17:22:01 | |
2022-07-06 21:22:00 | |
2022-06-06 17:21:57 | |
2022-05-27 21:22:01 | |
2022-05-26 21:22:01 | |
2022-05-23 17:21:56 | |
2022-05-16 21:34:40 | |
2022-05-11 21:17:44 | |
2022-05-10 21:17:43 | |
2022-05-10 00:29:39 | |
2022-05-10 00:17:42 | |
2022-05-09 21:29:54 | |
2022-05-09 21:17:45 | |