Executive Summary

Summary
Title: uIP and lwIP DNS resolver vulnerable to cache poisoning
Information
Name: VU#210620
First vendor publication: 2014-11-03
Vendor: VU-CERT
Last vendor modification: 2014-11-03
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Vulnerability Note VU#210620

uIP and lwIP DNS resolver vulnerable to cache poisoning

Original Release date: 03 Nov 2014 | Last revised: 03 Nov 2014

Overview

The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse.

Description

CWE-330: Use of Insufficiently Random Values - CVE-2014-4883

The DNS resolver implemented in all versions of uIP, as well as lwIP versions 1.4.1 and earlier, is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse.

For more information on the technical details and impact of this vulnerability, please refer to VU#800113.
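
Added example (not code from lwIP, uIP or the original note): a host-side C illustration of the two weaknesses named above beside a hardened form, with a check that flags either weakness in a capture of a resolver's own queries. The struct, the function names, port 1053 and the server address are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One outstanding DNS query (hypothetical struct, not lwIP's or uIP's own). */
struct pending_query { uint16_t txid, src_port; uint32_t server_ip; };
enum { SEQ_TXID = 1, FIXED_PORT = 2 };  /* audit_queries() result flags */
/* Host-side entropy for this demo; firmware would use its hardware RNG. */
static uint32_t os_rand32(void) {
    uint32_t v = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&v, sizeof v, 1, f) != 1) abort();  /* fail closed */
    fclose(f);
    return v;
}

/* Weak pattern from the advisory: counter TXID, one reused source port. */
static void weak_prepare(struct pending_query *q, uint32_t server_ip) {
    static uint16_t next_txid;
    *q = (struct pending_query){ next_txid++, 1053 /* constructed */, server_ip };
}
/* Hardened pattern: random TXID, random source port in 49152-65535. */
static void hardened_prepare(struct pending_query *q, uint32_t server_ip) {
    uint16_t port = (uint16_t)(49152u + os_rand32() % 16384u);
    *q = (struct pending_query){ (uint16_t)os_rand32(), port, server_ip };
}
/* Accept a reply only if server address, local port and TXID all match. */
bool response_matches(const struct pending_query *q, uint32_t ip, uint16_t port, uint16_t id) {
    return ip == q->server_ip && port == q->src_port && id == q->txid;
}

/* Flag a capture of the resolver's own queries that shows either weakness. */
int audit_queries(const struct pending_query *q, size_t n) {
    int flags = n > 1 ? (SEQ_TXID | FIXED_PORT) : 0;
    for (size_t i = 1; i < n; i++) {
        if ((uint16_t)(q[i].txid - q[i - 1].txid) != 1) flags &= ~SEQ_TXID;
        if (q[i].src_port != q[0].src_port) flags &= ~FIXED_PORT;
    }
    return flags;
}
/* Build eight queries with the chosen generator and audit them. */
int demo_audit(bool hardened) {
    struct pending_query q[8];
    for (size_t i = 0; i < 8; i++)
        (hardened ? hardened_prepare : weak_prepare)(&q[i], 0x0A000001u);
    return audit_queries(q, 8);
}
int main(void) { return demo_audit(true) != 0 || demo_audit(false) != 3; }  /* 0 = as expected */
```

The random TXID and port only help when the resolver also discards every reply that fails `response_matches`, so the check belongs on the receive path of any port of this pattern.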

Impact

A remote, unauthenticated attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.

Solution

Apply an Update

lwIP has committed a fix to the lwIP source repository. If possible, users and downstream developers should upgrade to lwIP git commit b8d798158bce0068260302371afb2b4ab4d3678a or later.

uIP is now incorporated into the Contiki project. No patch has been made available by Contiki at this time.

Please refer to VU#800113 for additional remediation and mitigation suggestions.

Vendor Information

Vendor               Status    Date Notified  Date Updated
Contiki OS           Affected  01 Sep 2014    27 Oct 2014
lwIP                 Affected  14 Aug 2014    21 Oct 2014
Philips Electronics  Affected  09 Sep 2014    21 Oct 2014
Thingsquare          Unknown   11 Sep 2014    27 Oct 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           6.8    AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal       5.0    E:U/RL:OF/RC:C
Environmental  5.0    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/330.html
  • http://savannah.nongnu.org/projects/lwip/
  • http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a
  • http://www.thingsquare.com/

Credit

Thanks to Allen D. Householder for reporting this vulnerability.

This document was written by Todd Lewellen.

Other Information

  • CVE IDs: CVE-2014-4883
  • Date Public: 03 Nov 2014
  • Date First Published: 03 Nov 2014
  • Date Last Updated: 03 Nov 2014
  • Document Revision: 18

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/210620

CWE : Common Weakness Enumeration

%      Id       Name
100 %  CWE-345  Insufficient Verification of Data Authenticity

CPE : Common Platform Enumeration

Type         Description  Count
Application               1

Alert History

Date / Information
2015-01-09 00:28:03
  • Multiple Updates
2014-11-28 21:29:06
  • Multiple Updates
2014-11-28 09:28:32
  • Multiple Updates
2014-11-03 17:23:26
  • First insertion