Cache poisoning vulnerability on the OS level DNS cache in Ubuntu

Not the place to report a DNS vulnerability, seems more like a PDF attack, so removing the attachment.
If this is legitimate, please submit against the DNS package in Ubuntu.

Hi John,

Can you please help to report this bug? I haven't used Launchpad before. Do you mean there is a section for Ubuntu on Launchpad? If so, where can I find it because the website is somehow misleading? Also, is there a section for DNS package bugs? Where can I find it?

Thank you,

Thanks John,

Fatemah, you can either attach the pdf here again or send it to <email address hidden> with gnupg keys available at https://wiki.ubuntu.com/SecurityTeam/Contacts

Thanks

Hi Seth,

The pdf file is attached. Can you check it please?

Thank you,

Thanks Fatemah,

Note that the resource limits set by `setrlimit(2)` (and the `ulimit(1)` shell built-in) are *mostly* per-process, not per-uid. The `RLIMIT_NPROC` setting limits how many processes a user may use, but `RLIMIT_NOFILE` describes how many file descriptors (and thus sockets) may be used per process.

To restrict a single user from consuming 20K descriptors then would require limiting the user to e.g. twenty processes and 1000 file descriptors each, or 1000 processes and twenty file descriptors each, etc. In practice limits this draconian are very difficult to implement and still have a usable computer.

The earliest non-djb reference I have for source port randomization is PowerDNS's recursor, which implemented the source port randomization in April 2006: https://blog.netherlabs.nl/articles/2006/04/14/holy-cow-1-3-million-additional-ip-addresses-served-by-powerdns

Can you let us know more about your publishing timeline?

Thanks

Ubuntu uses systemd and dnsmasq for OS-level DNS cache. Readjusting package list.

Hi Seth,

Thank you for the valuable feedback. The paper is going to be submitted to Infocom 2019: http://infocom2019.ieee-infocom.org/ and the deadline is July 31.

Please let me know if you have any question.

Thank you,

Hi Marc,

Thank you for responding.

Please let me know if you have any question.

Hi,

Any updates regarding the report?

Thank you,

We'll probably simply disable caching by default.
The upstream systemd project may be interested in handling it in some better way.

Hi all,

Can you please give me feedback so I can include it in the paper? The deadline is July 31st.

Thank you and I appreciate your time.

Hello Fatemah, we don't intend to take any action until this is public. Once this is publicly known we will work with the systemd community and larger Linux communities on potential solutions.

Thanks

Hi all,

I am sending this email to update you about the status of our paper. The paper titled “Collaborative client-Side DNS Cache Poisoning Attack” is accepted in INFOCOM 2019; the conference site is: http://infocom2019.ieee-infocom.org . The paper is going to be published in April 2019. As a reminder, the paper talks about OS vulnerabilities that lead to OS-wide DNS cache poisoning attacks. One of the OSes that we targeted is Ubuntu. For confidentiality reasons, we cannot declare the status or the actions taken by the other OSes to defeat the attack. We would like to check whether Ubuntu is considering security updates regarding this issue.

Congratulations on getting your paper accepted. Very good news.

Ubuntu is still planning on waiting until this is public to address it, in order to discuss the best possible solution with the larger community.

Thanks

I hope this email finds you well.

I would like to share with you and your team this news from Apple. Apple contacted me regarding the vulnerabilities I found on macOS (specifically the ones related to the DNS service mDNSResponder). Consequently, On January 22, Apple released a new security update. They also asked to add the authors’ names under the additional acknowledgment section which you can in this URL: https://support.apple.com/en-us/HT209446

In addition, this news has drawn the public attention, especially in the middle east. I also was interviewed by the following TV channels during the past week (in Arabic):
1- Alarabiya (the most popular news channel in the middle east): https://www.youtube.com/watch?v=xaDYKbcNSuE&feature=youtu.be
2- Rotana Khalegiya: https://www.youtube.com/watch?v=6JkSZGeG2ng&t=36s
3- Alresalah: https://www.youtube.com/watch?v=5cc6QUhKsgo&t=8s
4- There are also so many news papers and magazines covered this news. The following are the most important and popular ones:
a. Arab News (in English): http://www.arabnews.com/node/1444386/media
b. Sabq: https://sabq.org/LjY26c
c. Okaz: https://www.okaz.com.sa/article/1702388
d. Sayidaty: https://www.sayidaty.net/node/837351/%D8%A3%D8%B3%D8%B1%D8%A9-%D9%88%D9%85%D8%AC%D8%AA%D9%85%D8%B9/%D8%A3%D8%AE%D8%A8%D8%A7%D8%B1-%D8%A3%D8%B3%D8%B1%D8%A9-%D9%88%D9%85%D8%AC%D8%AA%D9%85%D8%B9/%D8%B7%D8%A7%D9%84%D8%A8%D8%A9-%D8%AF%D9%83%D8%AA%D9%88%D8%B1%D8%A7%D9%87-%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9-%D8%AA%D9%83%D8%AA%D8%B4%D9%81-%D8%AB%D8%BA%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A3%D9%86%D8%B8%D9%85%D8%A9-%D8%A3%D8%A8%D9%84#photo/1
e. Saudi News: http://www.saudianews.org/post/101854/%D8%A8%D8%A7%D9%84%D9%81%D9%8A%D8%AF%D9%8A%D9%88-%D8%B7%D8%A7%D9%84%D8%A8%D8%A9-%D8%AF%D9%83%D8%AA%D9%88%D8%B1%D8%A7%D9%87-%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9-%D8%AA%D9%83%D8%AA%D8%B4%D9%81-%D8%AB%D8%BA%D8%B1%D8%A9-%D8%A3%D9%85%D9%86%D9%8A%D8%A9-%D8%BA%D8%A7%D8%A8%D8%AA-%D8%B9%D9%86-%D8%B4%D8%B1%D9%83%D8%A9-%D8%A3%D8%A8%D9%84
f. UCR News (on Twitter): https://twitter.com/UCRiverside/status/1091417728932548608
g. UCR Computer Science department (on Twitter): https://twitter.com/UCRiverside/status/1091417728932548608
h. If you are interested, I tried to post some other news coverage on my Twitter account (actually there are a lot, but I posted the most important ones) : @FatemahAlharbi

Please let me know if you have questions.

Thank you,

please reopen if this is still an issue