Multiple Vendor Predictable Resolver ID Vulnerability

A vulnerability exists in the resolver routines supplied with glibc, up to and including 2.1.3. The glibc resolution routines will use information regarding the time on the machine, together with a process pid, to generate a random ID. Guessing this information intelligently is fairly easy. This, coupled with the fact that the resolver routines will discard any non-matching ID, allows for a brute force guess of the ID.

ID's are used by the resolver library to match requests with queries. This is the only form of verification the host has that the return packets are actually from the nameserver it requested information from. Being able to predict this may make it possible to return bogus return information, or perform a variety of DNS based attacks.

The real world susceptibility of the resolver to the attacks above has not been demonstrated.


 

Privacy Statement
Copyright 2010, SecurityFocus