PRNG flaw in Linux kernel created multiple security vulnerabilities
As many as one in 20 web servers could be vulnerable to a weakness in the Linux kernel, according to security researchers.
The same weakness could also expose millions of Android device users to increased risk of tracking.
The vulnerability (PDF) allows hackers to mount so-called “cross-layer” attacks against the Linux kernel, exploiting a weakness in its pseudo random number generator (PRNG).
This is possible because the UDP source port generation algorithm, the IPv6 flow label generation algorithm, and the IPv4 ID generation algorithm on some Linux-based systems all plug into the flawed PRNG.
After inferring the internal state of the PRNG from one (network) OSI layer, the security weakness makes it possible to use this information to predict the random number value in another OSI layer.
Predicting the PRNG value open the door to DNS cache poisoning attacks against Linux systems, both on local networks and remotely, although it does require the DNS server to be outside the target’s network.
The flaw also allows hackers to identify and track both Linux and Android devices.
The kernel vulnerability was discovered by Amit Klein, vice president of security research at SafeBreach and a security researcher at Israel’s Bar-Ilan University.
According to Klein, the most powerful version of the DNS attack is against Ubuntu servers, as those servers’ DNS stub resolver is especially vulnerable.
He estimates that 13.4% of web servers run Ubuntu; some 3-5% of servers run both Ubuntu and a public DNS service, satisfying the necessary pre-conditions for potential exploitation.
In fact, the number could be higher than this conservative estimate, Klein told The Daily Swig. Servers using external but private DNS servers, such as those run by ISPs, are also open to attack.
Klein explained: “These may very well be vulnerable, though attacking them requires a bit more intel and preparations, which is why I could not demonstrate attacking them in my research.”
DNS cache poisoning, Klein warns, opens the door to a range of exploits.
“It can be used to downgrade email security, hijack emails, hijack HTTP traffic, circumvent email anti-spam and blacklisting mechanisms, mount a local DoS attack (blackhole hosts), poison reverse DNS resolutions and attack the machine’s NTP [Network Time Protocol] client, responsible for the machine’s clock,” he said.
The PRNG weakness also allows hackers to exploit web-based tracking on Linux and Android devices.
“These can be used to track people, across networks, and even when the browser privacy mode is used, or using a VPN,” said Klein.
A full fix was issued for Android in October 2020, but users can also protect themselves through either a proxy or Tor.
“This vulnerability is exactly the kind of thing I am looking for and actively studying. I didn’t accidentally bump into it… [but] here may be other scenarios (such as local attacks) that I haven’t explored,” he said.
The tracking risk exists because it is possible to “collect TCP/IPv6 flow label values and/or UDP source port values and/or TCP/IPv4 ID fields, reconstruct the PRNG internal state and correlate this new state to previously extracted PRNG states to identify the same device.”
Applying the fix
Fortunately, only Linux systems and those, such as Android, that run on top of the Linux kernel are vulnerable. Other Unix-based systems, such as macOS, use different PRNG algorithms.
The solution for Linux users is to replace the weak PRNG with stronger algorithms. Klein alerted the Linux security team in March 2020, and they developed a patch based on a stronger PRNG using SipHash.
New versions of Linux contain the new PRNG. In addition, DNS-over-HTTPS blocks the attack, if both the stub resolver and DNS server support it. But this does not prevent device tracking.