predictable
Update+Errata for "OpenBSD DNS Cache Poisoning and Multiple O/S
Predictable IP ID Vulnerability"
(http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf)
Update
******
OpenBSD
Recently I've been looking at the OpenBSD PRNG implementation for
DNS transaction ID (OpenBSD ported BIND 9 into their code tree,
but rolled their own PRNG for the DNS transaction ID field). I
discovered a serious weakness in OpenBSD's PRNG, which allows an
attacker to predict the next transaction ID (typically up to 8-10
guesses) given a series of consecutive 12-15 transaction IDs. As
you may appreciate, this enables DNS cache poisoning for OpenBSD
much like my earlier attacks on BIND 9, BIND 8 and Microsoft
Windows DNS server.
simultaneously with Microsoft's release of MS08-020
(http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx).
A day later, Microsoft's Secure Windows
Initiative (SWI) team published their blog entry for MS08-020
(http://blogs.technet.com/swi/archive/2008/04/09/ms08-020-how-predictable-is-the-dns-transaction-id.aspx).
Unfortunately, the SWI blog entry contains two serious
mistakes. The first mistake is an inaccurate description of
the PRNG used for the Microsoft Windows DNS client
Severity: Medium
References: Microsoft Security Bulletin MS07-062, CVE-2007-3898
2) Vulnerability Description
Microsoft DNS server generates predictable DNS transaction IDs. If the
server is configured to allow recursive queries it is possible to insert
fake records in the DNS cache (DNS cache poisoning) by guessing the next
transaction ID that the server will use and sending a spoofed DNS reply
to the server. To observe the transaction IDs an attacker needs to
control a DNS server that is authoritative for some domain and to be
2. *Vulnerability Information*
Class: Predictable from Observable State [CWE-341], Insufficient
Verification of Data Authenticity [CWE-345]
Impact: Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-1689, CVE-2010-1690
The paper
(http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf)
describes how to predict IP ID of various (BSD style) operating systems.
This can be used for "blind TCP data injection". The latter term is a
technique described by Michal Zalewski, and the paper references 2
BugTraq submissions by Zalewski that nicely explain this concept. These
are (from the paper):
[27] “A new TCP/IP blind data injection technique?” (BugTraq mailing
Asterisk Project Security Advisory - AST-2008-005
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | HTTP Manager ID is predictable |
|----------------------+-------------------------------------------------|
| Nature of Advisory | An attacker could hijack a manager session |
|----------------------+-------------------------------------------------|
| Susceptibility | All users using the HTTP manager port |
|----------------------+-------------------------------------------------|
6.1.NTLMv1 authentication protocol
6.2.The Flaws
6.3.Detecting if the SMB service generates duplicate 8-byte challenges
6.4.Exploiting duplicate challenges
6.4.1.Proof-of-Concept Exploit
6.5.Predicting challenges
6.5.1.SMB service: challenge generation process
6.5.2.Proof-of-Concept Exploit
7.References
8.Disclaimer
PW> dangerous. But it's sloppy of the Apache Group to have ignored it for half
PW> a decade.
It's quite easy. Precomputing rainbow table for MD5 crypt with known
salt is somehow equivalent to MD5 crypt bruteforcing, if you don't mind
about required amount of storage. So, predictable salt and narrowed salt
space will have some impact if salt changes in a time comparable with
time required for bruteforcing. Salt changing once in a second is really
good one, because bruteforcing takes much longer.
The only situation I can imagine predictability is significant, is you
analysis of a secure component you want to unsecure. These are known as "timing attacks".
Timing attacks were very popular years ago and this field of research is still under progress.
Briefly, timing attacks consist of analyzing the time it takes for a system to compute data in
order to predict private information about these data. The information you obtain from a timing
attack will lower the security of the component under analysis.
Benchmarking attacks include timing attacks and I found it relevant enough to speak of timing
attacks prior to speaking of benchmarking attacks for those of you who are not familiar with this
field of research.
Sir or Madam,
> I found this ISC announcement quite amusing:
> http://www.isc.org/index.pl?/sw/bind/docs/response_transaction_id_issues.php
> It's a text published by ISC as a follow up to the bind9 predictable id saga.
>
> Particularly the following statement is funny, and shows complete lack
> of understanding of the terminology and of the problem space:
>
> 'ISC would like to assure the Internet community that this is much
Application: RunCMS
Versions Affected: RunCMS 1.6
Vendor URL: http://www.runcms.org
Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc.
Exploits: Available
Reported: 14.12.2007
Vendor response: 15.12.2007
Date of Public Advisory: 25.12.2007
Authors: Alexandr Polyakov, Stas Svistunovich
used (depending on the host OS) to create encrypted passwords with
any of the supported algorithms.
Problem:
The htpasswd utility uses predictable salts for the salted algorithms
(Unix-style "CRYPT" and MD5). htpasswd uses the standard C rand()
function to generate "random" salts. In order to use rand(), htpasswd
seeds the random number generator with the srand() function. And that's
where the Apache developers made a critical mistake -- htpasswd
merely uses the time of day (seconds since the Epoch, time(NULL)) to
generators on the first usage of rand() and mt_rand(). This is
done with the help of the GENERATE_SEED() macro.
Unfortunately it was discovered that the GENERATE_SEED() macro
contains several problems that can lead to a weaker seed than
expected. In the worst case the seed is directly predictable,
which allows to predict all random numbers from the outside.
NOTICE: Neither rand() nor mt_rand() produce cryptographically
secure random numbers and should therefore never be used
for such applications.
BugTraq
I found this ISC announcement quite amusing:
http://www.isc.org/index.pl?/sw/bind/docs/response_transaction_id_issues.php
It's a text published by ISC as a follow up to the bind9 predictable id saga.
Particularly the following statement is funny, and shows complete lack
of understanding of the terminology and of the problem space:
'ISC would like to assure the Internet community that this is much
=============================================================================
FreeBSD-SA-08.11.arc4random Security Advisory
The FreeBSD Project
Topic: arc4random(9) predictable sequence vulnerability
Category: core
Module: sys
Announced: 2008-11-24
Credits: Robert Woolley, Mark Murray, Maxim Dounin, Ruslan Ermilov
Subject: eyeOS checksum prediction
Author: Andrej Komarov (komarov@itdefence.ru)
eyeOS operates with special intermediate checksums in plaintext. Without its validation it is impossible to make new actions (to login, start new services). There is a way to predict eyeOS checksum. If it is automated from hackers side, it will make local Denial Of Service attack or user password stealing.
1. GET / HTTP/1.1
>>>>>>> <body onload='sendMsg("758474843719")
2. POST /index.php?checknum=758474843719&msg=baseapp HTTP/1.1
>>>>>>> HTTP/1.1 200 OK
> Well, it turns out that you can get the serial number of the Home Hub
> by simply sending a Multi Directory Access Protocol (MDAP) multicast
> request in the network where BT Home Hub is located. Yes, you must
> already be part of the LAN where the Home Hub is present, either via
> ethernet or via Wi-Fi. However, at GNUCITIZEN, we have demonstrated
> [3] trivial ways to predict the WEP encryption key of the Home Hub if
> you know what you are doing.
>
> In summary, there are two ways to break into a BT Home Hub Wi-Fi network:
>
> - arp replays injection plus weak IVs cracking. This attack is
> If a file that is unwanted is auto-downloaded, just delete it.
> No harm done.
Unapproved download does open exploit vectors against other
vulnerabilities, especially when the download is to a location the
attacker can predict.
Merely opening a folder in a GUI triggers exploitable actions such as
icon display. Desktop.ini in Windows triggers actions when its
containing folder is opened. Selecting a file to delete it can trigger
other exploitable actions. Anti-virus scans and other automatic
(http://www.trusteer.com/docs/research.html) - it is the same
type of attack but a different vulnerability and a different DNS
server. It's interesting that both BIND and Microsoft had
different, and at the same time fundamentally flawed
implementations of DNS (with Microsoft's implementation being
more easily predictable than those of BIND).
Using this attack an attacker can remotely poison the cache of
any Windows DNS server (when run in caching mode) and force users
who use this DNS server to reach fraudulent websites each time
they try to access real websites.
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
No disrespect taken - we're all just people here ;)
Thing is, in a "perfect world" we wouldn't need security at all (well,
Unsafe session handling
------------------------------------------------------------------------
FWS uses its own session handler instead of the default one provided
with PHP. There are many pitfalls when dealing with sessions. It is
generally not advised to create your own session handler. Common errors
made when doing so are the creation of predictable session identifiers
or the possibility of replay of session information.
The session handler uses two different cookies, one for logged in users
named fws_cust and one for guest users that is named fws_guest. FWS
will first check if the fws_cust cookie has been set by the browser. If
UDP source port randomization and spoofed response detection),
but relied on the standard C randomization facility (the rand()
and srand() functions in <stdlib.h>). The two popular stdlib
implementations analyzed, glibc (used with GNU C++ for Linux/
Unix-like systems) and MSVCRT (used with Microsoft's MSVC for
Windows) are shown to be easily predictable, thus enabling an
attacker to predict the DNS queries sent by PowerDNS Recursor,
and in turn mount an efficient and effective DNS cache poisoning
attack (or a pharming attack, as it is often called today).
PowerDNS's security contact, Bert Hubert, responded in a quick
It was discovered that the escapeshellcmd did not properly process
multibyte characters. An attacker may be able to bypass quoting
restrictions and possibly execute arbitrary code with application
privileges. (CVE-2008-2051)
It was discovered that the GENERATE_SEED macro produced a predictable
seed under certain circumstances. Attackers may be able to easily
predict the results of the rand and mt_rand functions.
(CVE-2008-2107, CVE-2008-2108)
Tavis Ormandy discovered that the PCRE library did not correctly
Well, it turns out that you can get the serial number of the Home Hub
by simply sending a Multi Directory Access Protocol (MDAP) multicast
request in the network where BT Home Hub is located. Yes, you must
already be part of the LAN where the Home Hub is present, either via
ethernet or via Wi-Fi. However, at GNUCITIZEN, we have demonstrated
[3] trivial ways to predict the WEP encryption key of the Home Hub if
you know what you are doing.
In summary, there are two ways to break into a BT Home Hub Wi-Fi network:
- arp replays injection plus weak IVs cracking. This attack is
>
>
> This information could be useful to a malicious user attempting to gain illegal access to resources on internal systems.
>
>
> By following internal hostname naming conventions, an attacker could predict other internal hostnames as well. For instance, if Plumtree portal is running on a server with an internal hostname of websvr01, an attacker could predict other internal hostnames such as websvr01, websvr02, websvr03 and so on.
>
>
> Fix:
>
>
--Thursday, February 14, 2008, 5:55:17 AM, you wrote to bugtraq@securityfocus.com:
PW> As a result:
PW> - Salts created by htpasswd are very predictable.
PW> - The universe of salts for htpasswd is far less than the MD5 algorithm
PW> provides for -- 29 bits vs. 48, or 0.000191 percent of the range that
PW> should be used for MD5.
As far as I understand, salt predictability gives nothing to you. Salt
On Fri, Feb 15, 2008 at 08:44:08PM +0300, 3APA3A wrote:
> PW> As a result:
> PW> - Salts created by htpasswd are very predictable.
> PW> - The universe of salts for htpasswd is far less than the MD5 algorithm
> PW> provides for -- 29 bits vs. 48, or 0.000191 percent of the range that
> PW> should be used for MD5.
>
> As far as I understand, salt predictability gives nothing to you. Salt
> protects against rainbow tables attacks in case stored passwords are
Consequences:
This information could be useful to a malicious user attempting to gain illegal access to resources on internal systems.
By following internal hostname naming conventions, an attacker could predict other internal hostnames as well. For instance, if Plumtree portal is running on a server with an internal hostname of websvr01, an attacker could predict other internal hostnames such as websvr01, websvr02, websvr03 and so on.
Fix:
This has been addressed in AquaLogic Interaction 6.1. MP1. This can also be addressed by making config changes in ALUI 6.x versions.
14.06.2009 - informed developers.
16.07.2009 - disclosed at my site.
-----------------------------
Details:
These are Predictable Resource Location, Information Leakage, Cross-Site
Scripting and Directory Traversal vulnerabilities.
Predictable Resource Location:
There are standard paths to resources in XAMPP, which can be used for