uIP and lwIP DNS resolver exposed to cache poisoning attacks

  • 5 November 2014
  • 0 replies
  • 171 views

Userlevel 7
Badge +54
by Pierluigi Paganini on November 4th, 2014
 

The DNS resolver implemented in the open source TCP/IP stacks uIP and lwIP is vulnerable to cache poisoning, the flaw could be exploited to divert traffic to malicious websites.

The security researcher Allen D. Householder has reported  a serious vulnerability related to the uIP and lwIP DNS resolver, according to the Vulnerability Note VU#210620 it is exposed to cache poisoning attacks.
The uIP and was an open source TCP/IP stack designed to be used with tiny 8- and 16-bit microcontrollers, it could be implemented for IoT and embedded devices, due to the small amounts of resources it consumes.
The lwIP, also known as lightweight IP, is another widely used open source TCP/IP stack designed for embedded systems.
The vulnerability note states that the DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse.
 
The vulnerability, coded as CVE-2014-4883, affects DNS resolver implemented in all versions of uIP and lwIP versions 1.4.1 and earlier.
http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/lwIP-stack.png
 
Full Article

0 replies

Be the first to reply!

Reply