CVE-2019-19794
Predictable Random Numbers vulnerability in dns (Go)
What is CVE-2019-19794 About?
This vulnerability involves the use of predictable random numbers for DNS transaction IDs, which makes DNS response spoofing easier: an attacker who can anticipate the ID a client will use can forge a response the client accepts. The impact falls primarily on DNS clients, since attackers can more readily intercept and manipulate their queries. The predictability reduces the effort required for exploitation.
Affected Software
- github.com/miekg/dns
  - <1.1.25
  - <1.1.25-0.20191211073109-8ebf2e419df7
Technical Details
The vulnerability stems from the use of math/rand to generate DNS message transaction IDs. The math/rand package in Go is not cryptographically secure: it is a deterministic pseudo-random generator whose output is predictable once the seed is known or easily guessed, or once enough samples have been collected to infer the generator's state. In the context of DNS, this means an attacker observing DNS traffic can anticipate future transaction IDs. The effective entropy of the 16-bit transaction ID is therefore far below the nominal 65536 possibilities, making it significantly easier to guess the correct ID for a given query. Consequently, an attacker can craft a DNS response carrying the predicted transaction ID and deliver it to the client before the legitimate server responds, enabling DNS cache poisoning or redirection to malicious sites.
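To make the weakness concrete, the following added example (illustration only, not code from miekg/dns or from the fixing commit) contrasts a transaction-ID generator built on math/rand with a constructed, guessable seed against one that reads two bytes from crypto/rand. It shows that the math/rand stream is fully reproducible by anyone who knows the seed, which is exactly why such IDs must be replaced rather than merely reseeded.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
)

// VulnerableIDs models the flawed pattern: transaction IDs drawn from a
// math/rand generator with a guessable seed (a constant in this constructed
// scenario). math/rand is deterministic, so knowing the seed yields the stream.
func VulnerableIDs(seed int64, n int) []uint16 {
	r := mrand.New(mrand.NewSource(seed))
	ids := make([]uint16, n)
	for i := range ids {
		ids[i] = uint16(r.Intn(1 << 16))
	}
	return ids
}

// PredictNextID shows why the weak generator matters: an observer who has
// recovered the seed replays the generator past the `seen` IDs already on the
// wire and obtains the client's next ID without searching the 16-bit space.
func PredictNextID(seed int64, seen int) uint16 {
	return VulnerableIDs(seed, seen+1)[seen]
}

// SecureID is the hardened form: two bytes from the OS CSPRNG via crypto/rand.
// Past IDs reveal nothing about future ones, so every query keeps the full
// 16 bits of unpredictability.
func SecureID() (uint16, error) {
	var b [2]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	return binary.BigEndian.Uint16(b[:]), nil
}

func main() {
	client := VulnerableIDs(1, 4) // constructed: client seeded with 1
	fmt.Printf("client's first 3 IDs: %v\n", client[:3])
	fmt.Printf("predicted 4th ID: %d (client actually uses %d)\n",
		PredictNextID(1, 3), client[3])
	id, err := SecureID()
	if err != nil {
		panic(err)
	}
	fmt.Printf("crypto/rand ID: %d\n", id)
}
```

Run it twice: the math/rand output repeats exactly, while the crypto/rand ID changes on every run.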
What is the Impact of CVE-2019-19794?
Successful exploitation may allow attackers to perform DNS response spoofing, leading to cache poisoning, redirection to malicious servers, or man-in-the-middle attacks against affected DNS clients.
What is the Exploitability of CVE-2019-19794?
Exploitation of this vulnerability involves reducing the search space for DNS transaction IDs. It typically requires an attacker to be located on the same network segment as the DNS client or to be able to intercept DNS traffic. No authentication or specific privileges are required. The attack is remote, focusing on network traffic manipulation. The complexity is moderate, as it requires crafting specific DNS responses and timing them correctly, but the predictability of the transaction IDs significantly lowers the difficulty of guessing the correct ID. Risk factors include unencrypted DNS traffic and clients relying solely on transaction IDs for response validation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2019-19794?
Available Upgrade Options
- github.com/miekg/dns
  - <1.1.25-0.20191211073109-8ebf2e419df7 → Upgrade to 1.1.25-0.20191211073109-8ebf2e419df7
  - <1.1.25 → Upgrade to 1.1.25
Additional Resources
- https://github.com/coredns/coredns/issues/3519
- https://nvd.nist.gov/vuln/detail/CVE-2019-19794
- https://pkg.go.dev/vuln/GO-2020-0008
- https://github.com/coredns/coredns/issues/3547
- https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
- https://github.com/miekg/dns/issues/1043
- https://github.com/miekg/dns/pull/1044
What are Similar Vulnerabilities to CVE-2019-19794?
Similar Vulnerabilities: CVE-2008-1447, CVE-2008-0114, CVE-2009-0268, CVE-2004-0545, CVE-2002-0021
