Vigil@nce - Linux kernel: predictability of net_get_random_once
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can predict the random values of features that use the
net_get_random_once() function of the Linux kernel, in order to
spoof a network session.
– Impacted products: Linux
– Severity: 2/4
– Creation date: 02/10/2014
DESCRIPTION OF THE VULNERABILITY
The Linux kernel uses the net_get_random_once() function to
generate a random value, which is then used to generate the net_secret,
syncookie_secret, and inet_ehash_secret fields (IP ID, TCP
Sequence Number, Ephemeral Port Number).
However, in some cases, this random value is not initialized.
An attacker can therefore predict the random values of features that
use the net_get_random_once() function of the Linux kernel, in order to
spoof a network session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-predictability-of-net-get-random-once-15435