Bugtraq mailing list archives
Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Wed, 23 Apr 1997 00:52:49 -0700
In article <199704230609.AAA19514 () cvs openbsd org>, Theo de Raadt <deraadt () CVS OPENBSD ORG> wrote:
>> It attempts to make the query ID unpredictable, but fails -- the "random" numbers it generates are still predictable (after a trivial 2^16 offline trials).
>
> Did you include all the details included in res_random.c such as the code which causes the entire system to be reset with whole new seeds after a fixed period of time (300 seconds is it)? You can predict a sequence and feed it the next few numbers before the generator reseeds itself?

Sure. Any real attack would be automated. 300 seconds is an eternity, in computer time. The 2^16 trials for prediction is easily doable in a fraction of a second.

>> And the seeding is terrible -- two years ago Netscape used timeofday and pid to seed their PRNG, too, and look what happened to them.
>
> Hey, I make no apologies for operating systems that ship without a source of strong(ish) random numbers in their libc!

If Netscape had used that excuse, they'd have been crucified. Let's not get into the blame game. My concern is that the patch, as provided, won't fix the predictable-query-ID hole on most systems, and folks need to know this.
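
The seeding concern in the message above, as an added example that is not part of the original message and is not code from BIND or res_random.c: a constructed toy 16-bit ID generator seeded from the clock second and pid, an audit routine that counts how many seeds remain consistent with a few observed IDs, and an ID drawn from the kernel random source for comparison. All names, the LCG constants and the sample time and pid are assumptions made for illustration.

```c
/* Added example. toy_* is a constructed generator, NOT the res_random.c code. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t state; } toy_prng;

/* Weak seeding: clock second XOR pid. The second is guessable, so the
   only real unknown is the pid (at most 16 bits here). */
void toy_seed(toy_prng *g, uint32_t tv_sec, uint32_t pid) { g->state = tv_sec ^ pid; }

uint16_t toy_next(toy_prng *g) {
    g->state = g->state * 1664525u + 1013904223u;   /* 32-bit LCG step */
    return (uint16_t)(g->state >> 16);
}

/* Count the seeds (one per pid) that reproduce the n observed IDs for a known
   second; *next_id receives the output that follows the last matching seed. */
unsigned seeds_consistent(const uint16_t *obs, int n, uint32_t tv_sec,
                          uint32_t max_pid, uint16_t *next_id) {
    unsigned matches = 0;
    for (uint32_t pid = 0; pid < max_pid; pid++) {
        toy_prng g;
        int ok = 1;
        toy_seed(&g, tv_sec, pid);
        for (int i = 0; i < n && ok; i++) ok = (toy_next(&g) == obs[i]);
        if (ok) { matches++; *next_id = toy_next(&g); }
    }
    return matches;
}

/* Returns 1 when 2^16 trials leave exactly one seed and it predicts the next ID. */
int weak_seed_is_predictable(void) {
    const uint32_t tv_sec = 861781969u, pid = 12345u;  /* constructed sample values */
    toy_prng victim;
    uint16_t obs[4], guess = 0;
    toy_seed(&victim, tv_sec, pid);
    for (int i = 0; i < 4; i++) obs[i] = toy_next(&victim);
    unsigned m = seeds_consistent(obs, 4, tv_sec, 1u << 16, &guess);
    return m == 1 && guess == toy_next(&victim);
}

/* Remedy: take the ID from the kernel random source; -1 if it is unavailable. */
int os_random_id(void) {
    uint16_t id;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(&id, sizeof id, 1, f);
    fclose(f);
    return got == 1 ? (int)id : -1;
}

int main(void) { printf("predictable=%d\n", weak_seed_is_predictable()); return 0; }
```

Periodic reseeding from the same time and pid inputs does not change the result, because each reseed leaves the same small set of candidate seeds.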