
Bug#559107: weaknesses in BSD PRNG algorithms



severity 559107 important
--

But the status of CVE-2008-114[678] is still open. Do they affect the
KFreeBSD port? What's the position of the FreeBSD kernel developers on
these issues?

I used this as the description:

http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

The GNU/kFreeBSD (kfreebsd-?) is not affected by CVE-2008-1146 and CVE-2008-1148 at all.

For CVE-2008-1147, the following holds:

  Exploitations of the predictability of the IP fragmentation ID were made
  public almost a decade ago.
  NetBSD, FreeBSD and DragonFlyBSD do not randomize IP fragmentation ID
  field at all by default, and provide a kernel flag
  (net.inet.ip.random_id) that enables randomization through the weak algorithm.

The weak algorithm has been replaced by an upstream commit (Feb 6 2008)
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=

  Replace the random IP ID generation code we
  obtained from OpenBSD with an algorithm suggested
  by Amit Klein.  The OpenBSD algorithm has a few
  flaws; see Amit's paper for more information.

  For a description of how this algorithm works,
  please see the comments within the code.

  Note that this commit does not yet enable random IP ID
  generation by default.  There are still some concerns
  that doing so will adversely affect performance.

This commit has not been MFC-ed to STABLE-7.
The default value for net.inet.ip.random_id is 0 even in HEAD.

The FreeBSD developers/security_team published no "security advisory" and no "errata notice", and they did not include it in the next release (7.1 - January 2009).

Petr
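
The following is an added example, not part of the original message or of FreeBSD's code: a small check an administrator could run over IP ID values seen in a host's own outbound packets, to confirm whether the behaviour matches the configured net.inet.ip.random_id value. The function names, the `max_step` threshold and the sample ID lists are assumptions made for illustration; the non-randomized case is assumed to appear as a 16-bit counter advancing in small steps.

```python
# Added example (not from the original message): classify a host's IP ID
# behaviour from IDs observed in packets it sent, listed in capture order.

MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def classify_ip_ids(ids, max_step=64):
    """Return 'constant', 'incremental', 'random-like' or 'insufficient-data'.

    max_step is an assumed threshold: a counter-based generator advances by
    a small amount between consecutive samples.
    """
    if len(ids) < 4:
        return "insufficient-data"
    # Differences modulo 2^16, so a counter wrapping 65535 -> 0 is a small step.
    deltas = [(b - a) % MOD for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    small = sum(1 for d in deltas if 0 < d <= max_step)
    # Require nearly all steps to be small before calling it a counter.
    if small / len(deltas) >= 0.9:
        return "incremental"
    return "random-like"


def audit(ids, random_id_setting):
    """Compare observed behaviour with the configured net.inet.ip.random_id."""
    observed = classify_ip_ids(ids)
    if observed == "insufficient-data":
        return "need more samples"
    if random_id_setting == 1 and observed == "incremental":
        return "MISMATCH: random_id=1 but IDs look like a counter"
    if random_id_setting == 0 and observed == "incremental":
        return "predictable: counter-based IDs (random_id=0)"
    return f"observed {observed}"


# Constructed sample data, not taken from a real capture.
COUNTER_IDS = [65530, 65531, 65533, 65534, 0, 1, 3, 4]
SCATTERED_IDS = [41822, 1093, 60211, 17450, 33987, 8121, 52764, 29005]

if __name__ == "__main__":
    print(audit(COUNTER_IDS, 0))
    print(audit(SCATTERED_IDS, 1))
```

A "random-like" result only rules out a plain counter; it says nothing about the strength of the generator, which is the distinction the message draws between the OpenBSD-derived algorithm and its replacement.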


