Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
https://kb.isc.org/docs/cve-2025-40780 Unmodified upstrem patch Resolves: RHEL-123329
This commit is contained in:
Petr Menšík
parent
03804737c1
commit
c5512bd8f1
120
bind-9.18-CVE-2025-40780.patch
Normal file
120
bind-9.18-CVE-2025-40780.patch
Normal file
@ -0,0 +1,120 @@
|
||||
From c7d94eb33a2de5a0f3fdcb4eae7ffdee711cc3e1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
||||
Date: Tue, 19 Aug 2025 19:22:18 +0200
|
||||
Subject: [PATCH] Use cryptographically-secure pseudo-random generator
|
||||
everywhere
|
||||
|
||||
It was discovered in an upcoming academic paper that a xoshiro128**
|
||||
internal state can be recovered by an external 3rd party allowing to
|
||||
predict UDP ports and DNS IDs in the outgoing queries. This could lead
|
||||
to an attacker spoofing the DNS answers with great efficiency and
|
||||
poisoning the DNS cache.
|
||||
|
||||
Change the internal random generator to system CSPRNG with buffering to
|
||||
avoid excessive syscalls.
|
||||
|
||||
Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
|
||||
for responsibly reporting this to us. Very cool research!
|
||||
|
||||
(cherry picked from commit cffcab9d5f3e709002f331b72498fcc229786ae2)
|
||||
(cherry picked from commit 8330b49fb90bfeae14b47b7983e9459cc2bbaffe)
|
||||
---
|
||||
lib/isc/include/isc/random.h | 2 +-
|
||||
lib/isc/random.c | 14 +++++++-------
|
||||
tests/isc/random_test.c | 4 +++-
|
||||
3 files changed, 11 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
|
||||
index 1e30d0c..fd55343 100644
|
||||
--- a/lib/isc/include/isc/random.h
|
||||
+++ b/lib/isc/include/isc/random.h
|
||||
@@ -20,7 +20,7 @@
|
||||
#include <isc/types.h>
|
||||
|
||||
/*! \file isc/random.h
|
||||
- * \brief Implements wrapper around a non-cryptographically secure
|
||||
+ * \brief Implements wrapper around a cryptographically secure
|
||||
* pseudo-random number generator.
|
||||
*
|
||||
*/
|
||||
diff --git a/lib/isc/random.c b/lib/isc/random.c
|
||||
index 7eead66..fb04669 100644
|
||||
--- a/lib/isc/random.c
|
||||
+++ b/lib/isc/random.c
|
||||
@@ -85,7 +85,7 @@ static thread_local uint32_t seed[4] = { 0 };
|
||||
|
||||
static uint32_t
|
||||
rotl(const uint32_t x, int k) {
|
||||
- return ((x << k) | (x >> (32 - k)));
|
||||
+ return (x << k) | (x >> (32 - k));
|
||||
}
|
||||
|
||||
static uint32_t
|
||||
@@ -104,7 +104,7 @@ next(void) {
|
||||
|
||||
seed[3] = rotl(seed[3], 11);
|
||||
|
||||
- return (result_starstar);
|
||||
+ return result_starstar;
|
||||
}
|
||||
|
||||
static thread_local isc_once_t isc_random_once = ISC_ONCE_INIT;
|
||||
@@ -128,21 +128,21 @@ uint8_t
|
||||
isc_random8(void) {
|
||||
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
||||
ISC_R_SUCCESS);
|
||||
- return (next() & 0xff);
|
||||
+ return next() & 0xff;
|
||||
}
|
||||
|
||||
uint16_t
|
||||
isc_random16(void) {
|
||||
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
||||
ISC_R_SUCCESS);
|
||||
- return (next() & 0xffff);
|
||||
+ return next() & 0xffff;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
isc_random32(void) {
|
||||
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
||||
ISC_R_SUCCESS);
|
||||
- return (next());
|
||||
+ return next();
|
||||
}
|
||||
|
||||
void
|
||||
@@ -174,7 +174,7 @@ isc_random_uniform(uint32_t upper_bound) {
|
||||
ISC_R_SUCCESS);
|
||||
|
||||
if (upper_bound < 2) {
|
||||
- return (0);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#if (ULONG_MAX > 0xffffffffUL)
|
||||
@@ -202,5 +202,5 @@ isc_random_uniform(uint32_t upper_bound) {
|
||||
}
|
||||
}
|
||||
|
||||
- return (r % upper_bound);
|
||||
+ return r % upper_bound;
|
||||
}
|
||||
diff --git a/tests/isc/random_test.c b/tests/isc/random_test.c
|
||||
index 1935846..0016252 100644
|
||||
--- a/tests/isc/random_test.c
|
||||
+++ b/tests/isc/random_test.c
|
||||
@@ -321,7 +321,9 @@ random_test(pvalue_func_t *func, isc_random_func test_func) {
|
||||
}
|
||||
break;
|
||||
case ISC_RANDOM_BYTES:
|
||||
- isc_random_buf(values, sizeof(values));
|
||||
+ for (i = 0; i < ARRAY_SIZE(values); i++) {
|
||||
+ values[i] = isc_random32();
|
||||
+ }
|
||||
break;
|
||||
case ISC_RANDOM_UNIFORM:
|
||||
uniform_values = (uint16_t *)values;
|
||||
--
|
||||
2.51.1
|
||||
|
||||
@ -137,6 +137,8 @@ Patch223: bind-9.18-CVE-2025-8677.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72
|
||||
Patch224: bind-9.18-CVE-2025-40778.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe
|
||||
Patch225: bind-9.18-CVE-2025-40780.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
@ -987,6 +989,7 @@ fi;
|
||||
* Thu Oct 23 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-6
|
||||
- Refuse malformed DNSKEY records (CVE-2025-8677)
|
||||
- Address various spoofing attacks (CVE-2025-40778)
|
||||
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
|
||||
|
||||
* Fri Sep 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-5
|
||||
- logrotate: skip if empty and remove old variants (RHEL-113942)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user