Public bug reported:

The ping6 command can be used to send RFC 4620 queries with a syntax like this:

    ping6 -c1 -Nname reflector.easyv6.net

RFC 4620 states:

    The Nonce MUST be a random or good pseudo-random value to foil spoofed
    replies.

The nonce produced by ping6 is always:

    00 01 69 73 51 FF 4A EC

If one invocation of ping6 sends multiple queries, the second byte is
incremented between queries, but otherwise the nonce is identical.

This nonce does not satisfy the randomness requirement of RFC 4620. The
initial nonce value should be read from /dev/urandom. If two ping6
invocations are started at the same time with the same arguments, they
will always report duplicated replies as both are producing the same
nonces. The predictability of the nonces could be exploited to spoof
replies.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: iputils-ping 3:20101006-1ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-39.62-generic 3.2.39
Uname: Linux 3.2.0-39-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: i386
Date: Sat Apr 13 00:06:00 2013
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
MarkForUpload: True
SourcePackage: iputils
UpgradeStatus: Upgraded to precise on 2012-05-08 (339 days ago)
** Affects: iputils (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 precise
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1168568
Title:
Predictable nonce in RFC4620 queries
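
Added example, not part of the original report and not iputils code: a C sketch that models the nonce behaviour described above next to a nonce read from /dev/urandom, and checks a Node Information Reply against the nonce that was sent. The function names and the minimal 16-byte reply buffer are assumptions made for illustration; the nonce offset follows the RFC 4620 message layout (Type, Code, Checksum, Qtype, Flags, then the 64-bit Nonce).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NI_NONCE_LEN 8    /* RFC 4620: 64-bit nonce */
#define NI_NONCE_OFF 8    /* after Type, Code, Checksum, Qtype, Flags */
#define NI_REPLY     140  /* ICMPv6 Node Information Reply */

/* Model of the report's nonce (not iputils source); byte 1 counts queries. */
void nonce_reported(uint8_t n[NI_NONCE_LEN], unsigned query_index)
{
    static const uint8_t base[] = {0x00,0x01,0x69,0x73,0x51,0xFF,0x4A,0xEC};
    memcpy(n, base, NI_NONCE_LEN);
    n[1] = (uint8_t)(base[1] + query_index);
}

/* Source suggested in the report: 8 bytes from /dev/urandom. 0 on success. */
int nonce_random(uint8_t n[NI_NONCE_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(n, 1, NI_NONCE_LEN, f);
    fclose(f);
    return got == NI_NONCE_LEN ? 0 : -1;
}

/* Accept a message only if it is an NI Reply echoing the query's nonce. */
int reply_matches(const uint8_t *msg, size_t len, const uint8_t sent[NI_NONCE_LEN])
{
    if (len < NI_NONCE_OFF + NI_NONCE_LEN || msg[0] != NI_REPLY) return 0;
    return memcmp(msg + NI_NONCE_OFF, sent, NI_NONCE_LEN) == 0;
}

/* Does a reply to invocation A's query also pass invocation B's check? */
int cross_accepted(const uint8_t a[NI_NONCE_LEN], const uint8_t b[NI_NONCE_LEN])
{
    uint8_t reply[NI_NONCE_OFF + NI_NONCE_LEN] = { NI_REPLY }; /* constructed */
    memcpy(reply + NI_NONCE_OFF, a, NI_NONCE_LEN);
    return reply_matches(reply, sizeof reply, b);
}

int main(void)
{
    uint8_t a[NI_NONCE_LEN], b[NI_NONCE_LEN];
    nonce_reported(a, 0); nonce_reported(b, 0);   /* two invocations */
    int fixed = cross_accepted(a, b);
    if (nonce_random(a) || nonce_random(b)) return 1;
    printf("cross-accepted: reported=%d urandom=%d\n", fixed, cross_accepted(a, b));
    return 0;
}
```

With the reported scheme the two invocations accept each other's replies, which is the duplicate-reply symptom in the report; with nonces from /dev/urandom they do not.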