al capone
Advanced
- Joined
- 13.09.20
- Messages
- 159
- Reaction score
- 1,912
- Points
- 93
The problem allows you to track Linux and Android devices even when the browser has private mode enabled or a VPN is used.
many web servers on Linux and millions of Android devices are at risk due to a vulnerability in the Linux kernel that affects the pseudo-random number generator and allows for cross-level attacks due to the fact that the UDP, IPv6 and IPv4 generation algorithms running on some Linux systems use a vulnerable RNG.
As explained by the author of the study, information security expert Amit Klein (Amit Klein), an attacker can determine the internal state of the RNG at one OSI level and use this data to predict a random numeric value at another OSI level. Thus, the attacker is able to perform a DNS cache poisoning attack on Linux systems both locally and remotely. The condition is that the DNS server must be located outside the network.
DNS spoofing can be used for various malicious actions, such as intercepting email and HTTP traffic, bypassing anti-spam mechanisms and email blacklists, conducting a local DoS attack, tracking the NTP client, and so on.
Moreover, the problem discovered by Klein also allows you to track Linux and Android devices even when the browser is in private mode or using a VPN.
According to the expert, the most vulnerable to these attacks are servers on Ubuntu - about 13.4% of web servers run on Ubuntu, 3-5% of servers use Ubuntu and the public DNS service, meeting the conditions for a potential attack. However, this figure may be higher, Klein believes, since servers that use external private DNS servers (for example, those managed by Internet providers) are also at risk.
The expert notified the Linux development team about the vulnerability in March of this year. The issue was fixed with the release of a patch implementing a more robust RNG using SipHash. In Android, the problem was fixed in October, an alternative method of protecting against this attack is using a proxy or Tor. The DNS-over-HTTPS Protocol also blocks DNS spoofing, but does not protect against tracking.
many web servers on Linux and millions of Android devices are at risk due to a vulnerability in the Linux kernel that affects the pseudo-random number generator and allows for cross-level attacks due to the fact that the UDP, IPv6 and IPv4 generation algorithms running on some Linux systems use a vulnerable RNG.
As explained by the author of the study, information security expert Amit Klein (Amit Klein), an attacker can determine the internal state of the RNG at one OSI level and use this data to predict a random numeric value at another OSI level. Thus, the attacker is able to perform a DNS cache poisoning attack on Linux systems both locally and remotely. The condition is that the DNS server must be located outside the network.
DNS spoofing can be used for various malicious actions, such as intercepting email and HTTP traffic, bypassing anti-spam mechanisms and email blacklists, conducting a local DoS attack, tracking the NTP client, and so on.
Moreover, the problem discovered by Klein also allows you to track Linux and Android devices even when the browser is in private mode or using a VPN.
According to the expert, the most vulnerable to these attacks are servers on Ubuntu - about 13.4% of web servers run on Ubuntu, 3-5% of servers use Ubuntu and the public DNS service, meeting the conditions for a potential attack. However, this figure may be higher, Klein believes, since servers that use external private DNS servers (for example, those managed by Internet providers) are also at risk.
The expert notified the Linux development team about the vulnerability in March of this year. The issue was fixed with the release of a patch implementing a more robust RNG using SipHash. In Android, the problem was fixed in October, an alternative method of protecting against this attack is using a proxy or Tor. The DNS-over-HTTPS Protocol also blocks DNS spoofing, but does not protect against tracking.