Описание
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
The dnspython stub resolver is vulnerable to a denial of service (DoS) risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another resolver or abandon the query altogether, potentially leading to service denial for that resolution.
Отчет
The vulnerability in dnspython where it may accept a malicious DNS response over a legitimate one due to timing issues poses a moderate severity risk. While the impact is limited to potential denial of service for DNS resolution requests, it requires precise timing and the ability to send malicious responses before legitimate ones arrive. This attack vector relies on the attacker's ability to predict or manipulate the timing of DNS responses, making it more complex to exploit compared to other vulnerabilities. However, if successfully exploited, it can disrupt DNS resolution services, affecting the availability of the targeted domain or service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | aap-cloud-metrics-collector-container | Affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ansible-builder-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 10 | python-dns | Not affected | ||
| Red Hat Enterprise Linux 7 | python-dns | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python27:2.7/python-dns | Will not fix | ||
| Red Hat OpenStack Platform 17.1 | python-eventlet | Affected | ||
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/ee-supported-rhel8 | Fixed | RHSA-2024:3483 | 30.05.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remo ...
EPSS
5.9 Medium
CVSS3