Jump to content
chain

A Security Flaw could Lead to Cross-layer and DNS Poisoning Attacks

Recommended Posts

  • Administrators

A new attack technique called cross-layer attack has been identified, which combines vulnerabilities across multiple network protocol layers to attack the target system. It is estimated that one in every 20 web servers could be vulnerable to a security flaw that exists in the Linux kernel, allowing hackers to perform cross-layer attacks.

 

Quick insights

The cross-layer attack is possible because the IPv6 flow label generation algorithm, UDP source port generation algorithm, and the IPv4 ID generation algorithm use the same Pseudo-Random Number Generator (PRNG).

A flaw (CVE-2020-16166) in PRNG allows an attacker to obtain the internal state of any application using that PRNG.

After obtaining the internal state of the PRNG from one of the OSI layers (network), the security flaw makes it possible to use this information to estimate the random number value in other OSI layers as well.

Estimating the PRNG value allows attackers to carry out DNS cache poisoning attacks to target Linux systems locally and remotely.

 

Risk involved

The security flaw can allow hackers to recognize and track Android- and Linux-based devices. It works even when the browser privacy mode is On or VPN is in use.

It has been estimated that around 13.4% of the vulnerable web servers are running Ubuntu and 3-5% of servers run on both Ubuntu and a public DNS service, having the necessary pre-conditions required for potential exploitation.

 

A patch is developed

A security researcher who discovered this security flaw notified the Linux security team in March 2020. After that, they developed a patch based on a stronger PRNG using SipHash to fix the issue.

 

Conclusion

The latest versions of Linux contain the new PRNG, which is not affected by the security flaw. Therefore, experts recommend keeping all the applications and operating systems patched with the latest updates. In addition, DNS-over-HTTPS can be used to block the attack, if the stub resolver and DNS server support it.

 

More Info Here

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...