Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626832 (CVE-2017-12132) - <sys-libs/glibc-2.25-r5: DNS spoofing attacks due to IP fragmentation.
Summary: <sys-libs/glibc-2.25-r5: DNS spoofing attacks due to IP fragmentation.
Status: RESOLVED FIXED
Alias: CVE-2017-12132
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Low minor (vote)
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on: 637140
Blocks:
  Show dependency tree
 
Reported: 2017-08-01 19:17 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-03-27 02:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-01 19:17:40 UTC 
From URL:

Description
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.



From https://sourceware.org/bugzilla/show_bug.cgi?id=21361	

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25

commit e14a27723cc3a154d67f3f26e719d08c0ba9ad25
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 13 13:09:38 2017 +0200

    resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
    
    This hardens the stub resolver against fragmentation-based attacks.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |   21 ++
 NEWS                     |    3 +-
 include/resolv.h         |    3 -
 resolv/Makefile          |    2 +
 resolv/res_mkquery.c     |   28 +++-
 resolv/res_query.c       |   23 ++-
 resolv/resolv-internal.h |   18 ++
 resolv/tst-resolv-edns.c |  501 ++++++++++++++++++++++++++++++++++++++++++++++
 support/resolv_test.c    |   56 +++++-
 support/resolv_test.h    |   11 +
 10 files changed, 652 insertions(+), 14 deletions(-)
 create mode 100644 resolv/tst-resolv-edns.c
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-08-23 21:35:52 UTC 
Added to 2.25 patchset, will be in patchlevel 9 or later
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2017-11-29 11:59:38 UTC 
All vulnerable versions are masked. No further cleanup (toolchain package). 
Nothing to do for toolchain here anymore.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-03-27 02:46:50 UTC 
GLSA Vote: No