
Bug 865253 (CVE-2022-34294)

Summary: net-dns/totd: dns cache poisoning
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: maintainer-needed
Priority: Normal
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.openwall.com/lists/oss-security/2022/08/14/2
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-15 16:26:28 UTC
CVE-2022-34294:

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.

"Because the projects age, there are no patches available for the described issues."
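
Added example, not part of the bug report or of totd's code: one way to check whether a DNS forwarder's upstream queries show the fixed-source-port behaviour described above, by grouping observed queries per sender and classifying how much the UDP source port varies. The sample tuples, the function name `audit_source_ports` and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of upstream queries as (source_ip, udp_source_port, dns_txid).
# Illustrative values only, not captured from a real totd deployment; the fixed
# port 40000 is chosen arbitrarily.
CONSTRUCTED_QUERIES = (
    [("192.0.2.10", 40000, txid)
     for txid in (0x1A2B, 0x77C0, 0x0431, 0xE9D2, 0x5B6F, 0xC318)]
    + [("192.0.2.20", port, txid) for port, txid in (
        (49731, 0x9A01), (51877, 0x22F4), (38214, 0xD0B3),
        (60412, 0x4C7E), (33590, 0x81A9), (57206, 0x0F65))]
)

TXID_SPACE = 2 ** 16  # the DNS transaction ID is a 16-bit header field


def audit_source_ports(queries, min_samples=5):
    """Group queries by sender and classify source-port behaviour.

    Returns {source_ip: {"samples", "distinct_ports", "verdict",
    "observed_guess_space"}}.
    """
    ports_by_sender = defaultdict(list)
    for source_ip, source_port, _txid in queries:
        ports_by_sender[source_ip].append(source_port)

    report = {}
    for source_ip, ports in ports_by_sender.items():
        distinct = len(set(ports))
        if len(ports) < min_samples:
            verdict = "insufficient-data"
        elif distinct == 1:
            verdict = "fixed-port"      # only the TXID varies between queries
        elif distinct < len(ports) / 2:
            verdict = "low-variation"   # a small pool of ports is being reused
        else:
            verdict = "varied"
        report[source_ip] = {
            "samples": len(ports),
            "distinct_ports": distinct,
            "verdict": verdict,
            # Lower bound on the (port, TXID) combinations a reply must match
            # to be accepted, based only on ports seen in this sample.
            "observed_guess_space": TXID_SPACE * distinct,
        }
    return report


if __name__ == "__main__":
    for sender, result in audit_source_ports(CONSTRUCTED_QUERIES).items():
        print(sender, result)
```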
Comment 1 Larry the Git Cow gentoo-dev 2024-01-07 01:03:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=263ada4ff064f2efbf53f85971b53dbb202a8d6a

commit 263ada4ff064f2efbf53f85971b53dbb202a8d6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2024-01-07 01:00:40 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-07 01:00:53 +0000

    profiles: last rite net-dns/totd
    
    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-02-10 12:10:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63b794b3a21829c48815eb69dd2358470a8e1814

commit 63b794b3a21829c48815eb69dd2358470a8e1814
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2024-02-10 12:06:51 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2024-02-10 12:06:51 +0000

    net-dns/totd: treeclean
    
    Closes: https://bugs.gentoo.org/861296
    Closes: https://bugs.gentoo.org/900058
    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-dns/totd/Manifest                         |  1 -
 net-dns/totd/files/totd                       | 38 -------------------------
 net-dns/totd/files/totd-1.5.1-fix-CC.patch    | 11 --------
 net-dns/totd/files/totd-1.5.1-no_werror.patch | 11 --------
 net-dns/totd/metadata.xml                     | 10 -------
 net-dns/totd/totd-1.5.1.ebuild                | 40 ---------------------------
 profiles/package.mask                         |  5 ----
 7 files changed, 116 deletions(-)