Package: macchanger
Version: 1.7.0-3.2
Severity: grave

Trying to randomize the MAC address of an interface toggles between two MAC addresses instead of setting a random MAC address. See the following example:

$ macchanger -A wlan8
Current MAC: 00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC: 00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC: 00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC: 00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC: 00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC: 00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
$ macchanger -A wlan8
Current MAC: 00:05:01:98:26:05 (CISCO SYSTEMS, INC.)
Permanent MAC: 24:fd:52:XX:XX:XX (Liteon Technology Corporation)
New MAC: 00:05:01:98:56:c3 (CISCO SYSTEMS, INC.)

The problem here seems to be in the random_seed function, where macchanger tries to open different devices for random numbers and takes the first one where open() is successful, but never checks if the following read() is successful.

http://sources.debian.net/src/macchanger/1.7.0-5/src/main.c/#L92

Also see this strace snippet:

open("/dev/hwrng", O_RDONLY) = 3
read(3, 0x7fffe23909ec, 4) = -1 ENODEV (No such device)
close(3) = 0

I don't know why I have this non-working /dev/hwrng device. It somehow gets created automatically by loading the b43 kernel module.

Macchanger should check if the read() was successful and, if not, try the next entropy device or at least abort with an error instead of pretending to set a random MAC address which clearly is not random.

Another problem I spotted is that if reading from an entropy device does work, only sizeof(unsigned int) entropy is read, which is only guaranteed to be 2 octets. However, from these, up to 6 octets of "random" data are then generated (in case of a fully random MAC), which clearly does not work as expected.

--- System information. ---
Architecture: amd64
Kernel: Linux 3.18.0-trunk-amd64

Debian Release: 8.0
500 testing security.debian.org
500 testing mirror.stusta.mhn.de
500 testing http.debian.net

--- Package information. ---
Depends (Version) | Installed
=============================-+-=============
libc6 (>= 2.4) |
dpkg (>= 1.15.4) |
OR install-info |

Package's Recommends field is empty.

Package's Suggests field is empty.
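One way to implement the check the report asks for, as an added example (not macchanger's code and not part of the original report): each entropy source is accepted only if read() delivers every requested byte, otherwise the next source is tried, and all 6 octets of a fully random MAC come straight from the source instead of from a single unsigned int seed. The function names are hypothetical, and forcing the unicast and locally administered bits is a convention assumed by this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

/* Read exactly len bytes from path. Returns 0 on success, -1 if open()
 * fails, read() fails, or the source hits end-of-file early. */
static int read_exact(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal: retry */
        if (n <= 0)
            break;               /* error (e.g. ENODEV) or EOF */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Try each source in order, moving on when open() or read() fails.
 * Returns the index of the source used, or -1 if none delivered len
 * bytes; the caller must then abort rather than carry on. */
int fill_from_first_working(const char *const *sources, size_t count,
                            unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < count; i++)
        if (read_exact(sources[i], buf, len) == 0)
            return (int)i;
    return -1;
}

/* Draw all 6 octets of a fully random MAC from the entropy source.
 * Returns the index of the source used, or -1 on failure. */
int random_mac(const char *const *sources, size_t count, unsigned char mac[6])
{
    int used = fill_from_first_working(sources, count, mac, 6);
    if (used < 0)
        return -1;
    mac[0] &= 0xfe;   /* clear the multicast bit: unicast address */
    mac[0] |= 0x02;   /* set the locally administered bit */
    return used;
}
```

A caller would pass its device list in order of preference, for example /dev/hwrng followed by /dev/urandom, and exit with an error when random_mac() returns -1.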