Bug 1051791 - (CVE-2017-12132) VUL-0: CVE-2017-12132: glibc: resolv: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Andreas Schwab
Security Team bot
https://smash.suse.de/issue/189433/
CVSSv2:NVD:CVE-2017-12132:4.3:(AV:N/A...
Reported: 2017-08-02 06:51 UTC by Alexander Bergmann
Modified: 2020-05-12 18:07 UTC (History)
Found By: Security Response Team
Description Alexander Bergmann 2017-08-02 06:51:33 UTC
CVE-2017-12132

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version
2.26, when EDNS support is enabled, will solicit large UDP responses from name
servers, potentially simplifying off-path DNS spoofing attacks due to IP
fragmentation.

sourceware.org swo#21361

When EDNS0 is enabled, glibc currently requests large DNS responses over UDP (up to 65536 bytes).  This is problematic because the randomized transaction ID and source port randomization both protect only the first fragment in a response.

As a partial countermeasure, the stub resolver should lower the advertised buffer size to 1200 bytes (IPv6 minimum MTU of 1280 minus some tunnel overhead).  With some cooperation from the server, this should avoid fragmentation.

Upstream Fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12132
http://www.cvedetails.com/cve/CVE-2017-12132/
https://arxiv.org/pdf/1205.4011.pdf
https://sourceware.org/bugzilla/show_bug.cgi?id=21361
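
Added example (not glibc's code and not part of the original report): a C parser that reads a raw DNS query, extracts the EDNS0 UDP payload size advertised in the OPT record's CLASS field, and compares it with the 1200-byte limit proposed above. The sample query and the names `edns_udp_size`, `advertised` and `EDNS_LIMIT` are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define EDNS_LIMIT 1200 /* advertised size proposed in the report */
#define T_OPT 41        /* OPT pseudo-RR type (RFC 6891) */

static unsigned rd16(const unsigned char *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Skip an encoded name; returns the next offset, or 0 if malformed. */
static size_t skip_name(const unsigned char *m, size_t len, size_t off) {
    while (off < len) {
        unsigned c = m[off];
        if (c == 0) return off + 1;              /* root label ends the name */
        if (c & 0xC0)                            /* pointer ends it; 01/10 are reserved */
            return (c & 0xC0) == 0xC0 && off + 2 <= len ? off + 2 : 0;
        off += 1 + c;                            /* ordinary label */
    }
    return 0;
}

/* Advertised EDNS0 UDP payload size; -1 if no OPT record, -2 if malformed. */
int edns_udp_size(const unsigned char *m, size_t len) {
    if (len < 12) return -2;
    unsigned qd = rd16(m + 4), pre = rd16(m + 6) + rd16(m + 8), ar = rd16(m + 10);
    size_t off = 12;
    for (; qd; qd--, off += 4)                   /* question: name, type, class */
        if (!(off = skip_name(m, len, off)) || off + 4 > len) return -2;
    for (unsigned i = 0; i < pre + ar; i++) {    /* RR: name, 10 fixed bytes, RDATA */
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return -2;
        if (i >= pre && rd16(m + off) == T_OPT) return (int)rd16(m + off + 2);
        if ((off += 10 + rd16(m + off + 8)) > len) return -2;
    }
    return -1;
}

/* Constructed sample: query for example.com A plus an OPT record (size 4096). */
static const unsigned char SAMPLE[] = {
    0x12,0x34, 1,0, 0,1, 0,0, 0,0, 0,1, 7,'e','x','a','m','p','l','e',
    3,'c','o','m',0, 0,1, 0,1, 0, 0,41, 0x10,0x00, 0,0,0,0, 0,0 };
/* Parse result for the sample re-advertising `size` (offset 32 = OPT CLASS). */
int advertised(unsigned size) {
    unsigned char q[sizeof SAMPLE];
    memcpy(q, SAMPLE, sizeof q);
    q[32] = (size >> 8) & 0xFF; q[33] = size & 0xFF;
    return edns_udp_size(q, sizeof q);
}

int main(void) {
    unsigned sizes[] = {65535, 4096, 1200};
    for (int i = 0; i < 3; i++)
        printf("%u -> %s\n", sizes[i], advertised(sizes[i]) > EDNS_LIMIT ? "over limit" : "ok");
    return 0;
}
```
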
Comment 3 Swamp Workflow Management 2018-02-15 17:11:08 UTC
SUSE-SU-2018:0451-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1073990,1074293,1079036
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    glibc-2.22-62.6.2
SUSE CaaS Platform ALL (src):    glibc-2.22-62.6.2
OpenStack Cloud Magnum Orchestration 7 (src):    glibc-2.22-62.6.2
Comment 5 Swamp Workflow Management 2018-02-20 17:14:27 UTC
openSUSE-SU-2018:0494-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1073990,1074293,1079036
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
openSUSE Leap 42.3 (src):    glibc-2.22-13.2, glibc-testsuite-2.22-13.2, glibc-utils-2.22-13.2
Comment 6 Swamp Workflow Management 2018-02-28 20:08:00 UTC
SUSE-SU-2018:0565-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1074293,1079036,978209
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Server 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    glibc-2.11.3-17.110.6.2
Comment 7 Marcus Meissner 2018-06-15 09:35:56 UTC
missing in 12-sp1 and 12-ga
Comment 10 Swamp Workflow Management 2018-08-03 19:17:12 UTC
SUSE-SU-2018:2185-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    glibc-2.19-40.16.950
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    glibc-2.19-40.16.950
Comment 11 Swamp Workflow Management 2018-08-03 19:18:55 UTC
SUSE-SU-2018:2187-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1074293,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-1000001,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    glibc-2.19-22.27.958
Comment 12 Andreas Schwab 2019-08-27 14:50:37 UTC
All updates released.