Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626832 (CVE-2017-12132) - <sys-libs/glibc-2.25-r5: DNS spoofing attacks due to IP fragmentation.
Summary: <sys-libs/glibc-2.25-r5: DNS spoofing attacks due to IP fragmentation.
Status: RESOLVED FIXED
Alias: CVE-2017-12132
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Low minor (vote)
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on: 637140
Blocks:
  Show dependency tree
 
Reported: 2017-08-01 19:17 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-03-27 02:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-01 19:17:40 UTC
From URL:

Description
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.



From https://sourceware.org/bugzilla/show_bug.cgi?id=21361	

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25

commit e14a27723cc3a154d67f3f26e719d08c0ba9ad25
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 13 13:09:38 2017 +0200

    resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
    
    This hardens the stub resolver against fragmentation-based attacks.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |   21 ++
 NEWS                     |    3 +-
 include/resolv.h         |    3 -
 resolv/Makefile          |    2 +
 resolv/res_mkquery.c     |   28 +++-
 resolv/res_query.c       |   23 ++-
 resolv/resolv-internal.h |   18 ++
 resolv/tst-resolv-edns.c |  501 ++++++++++++++++++++++++++++++++++++++++++++++
 support/resolv_test.c    |   56 +++++-
 support/resolv_test.h    |   11 +
 10 files changed, 652 insertions(+), 14 deletions(-)
 create mode 100644 resolv/tst-resolv-edns.c
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-08-23 21:35:52 UTC
Added to 2.25 patchset, will be in patchlevel 9 or later
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2017-11-29 11:59:38 UTC
All vulnerable versions are masked. No further cleanup (toolchain package). 
Nothing to do for toolchain here anymore.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-27 02:46:50 UTC
GLSA Vote: No