Openwall GNU/*/Linux Information for VU#800113

Multiple DNS implementations vulnerable to cache poisoning

Vendor Statement

Openwall GNU/*/Linux (Owl) 2.0-stable and current used versions of BIND
that did not randomize query source port numbers.  This has been
corrected by updating to BIND 9.3.5-P1 in Owl-current on July 8th and in
Owl 2.0-stable on July 11th, 2008.  Query IDs were already being
randomized by versions of BIND in supported branches of Owl.

Additionally, the DNS resolver in our revision of the GNU C Library
(glibc) had been modified to randomize query IDs in year 2000, before
Owl was first made available to the general public.  However, it was
not, and it still has not been, modified to randomize source ports as
well.  With these issues getting more attention lately, this is being
considered as a higher priority task now.

Also relevant is the fact that running our "userland" with a recent
Linux kernel (2.6.24 or newer) introduces randomization of source port
numbers for UDP-based queries, although added security of this setup has
not been fully evaluated (specifically, whether new port numbers are
allocated for every query in all cases and whether the produced sequence
of random port numbers is sufficiently cryptographically secure).
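The open question in the statement above is whether a given kernel and resolver combination actually hands out a fresh, non-sequential UDP source port per query. The following script is an added example (it is not Openwall's or CERT's code) of the kind of sanity check a defender would run before relying on kernel-side port randomization: it opens a number of fresh UDP sockets bound to an ephemeral port, records what the kernel assigned, and flags obviously weak allocation (a fixed port, or ports handed out in sequence). It only catches the crude failure modes; it cannot establish that the sequence is cryptographically secure, which is the second half of the statement's caveat. The sample size, the loopback bind address and the 10% sequential-step threshold are assumptions chosen for illustration.

```python
import socket
from typing import Dict, List


def sample_udp_source_ports(n: int = 200, bind_addr: str = "127.0.0.1") -> List[int]:
    """Bind n fresh UDP sockets to port 0 and return the ports the kernel chose.

    The sockets are held open until all samples are taken so that an already
    allocated port cannot simply be handed back for the next socket; this
    mirrors a resolver that opens a new socket for every outgoing query.
    """
    socks = []
    ports = []
    try:
        for _ in range(n):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind((bind_addr, 0))          # port 0: let the kernel pick the source port
            socks.append(s)
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


def assess_port_sequence(ports: List[int], max_sequential_fraction: float = 0.10) -> Dict[str, object]:
    """Compute simple indicators of how the ports were allocated.

    Returns the number of samples, how many distinct ports were seen, how many
    consecutive samples differ by exactly +1 (a sequential allocator), the span
    of the observed range, and a verdict that is True only when every sample
    got its own port and sequential steps stay below the assumed threshold.
    This is a coarse screen, not a randomness proof.
    """
    n = len(ports)
    distinct = len(set(ports))
    sequential_steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    span = (max(ports) - min(ports)) if ports else 0
    sequential_fraction = (sequential_steps / (n - 1)) if n > 1 else 0.0
    looks_randomized = (
        n > 1
        and distinct == n
        and sequential_fraction < max_sequential_fraction
    )
    return {
        "samples": n,
        "distinct": distinct,
        "sequential_steps": sequential_steps,
        "span": span,
        "looks_randomized": looks_randomized,
    }


if __name__ == "__main__":
    observed = sample_udp_source_ports()
    report = assess_port_sequence(observed)
    for key, value in report.items():
        print(f"{key}: {value}")
    if not report["looks_randomized"]:
        print("WARNING: source port allocation looks fixed or sequential; "
              "do not rely on it to widen the attacker's guessing space")
```

Run it as an unprivileged user on the host whose resolver you are evaluating; a result of `distinct` equal to `samples` with few sequential steps means the kernel is at least not reusing or incrementing ports, while a low `distinct` count or a high `sequential_steps` count is the pre-2.6.24 behaviour the statement warns about. Note that this exercises the kernel's ephemeral port allocator, not the resolver library: a resolver that keeps one socket open across queries would still send every query from the same port regardless of what this script reports.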

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

There are no additional comments at this time.
