{"vuid":"VU#210620","idnumber":"210620","name":"uIP and lwIP DNS resolver vulnerable to cache poisoning","keywords":["uIP","lwIP","DNS","cache poisoning","CWE-330"],"overview":"The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse.","clean_desc":"CWE-330: Use of Insufficiently Random Values - CVE-2014-4883 The DNS resolver implemented in all versions of uIP, as well as lwIP versions 1.4.1 and earlier, is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. For more information on the technical details and impact of this vulnerability, please refer to VU#800113.","impact":"A remote, unauthenticated attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.","resolution":"Apply an Update lwIP has released version 2.0.0 to address this issue. Users and downstream developers are encouraged to upgrade to the latest release of lwIP. uIP is now incorporated into the Contiki project. No patch has been made available by Contiki at this time. Please refer to VU#800113 for additional remediation and mitigation suggestions.","workarounds":"","sysaffected":"","thanks":"Thanks to Allen D. Householder for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["http://cwe.mitre.org/data/definitions/330.html","http://savannah.nongnu.org/projects/lwip/","http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a","http://www.thingsquare.com/","https://savannah.nongnu.org/files/?group=lwip"],"cveids":["CVE-2014-4883"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-08-13T19:46:55Z","publicdate":"2014-11-03T00:00:00Z","datefirstpublished":"2014-11-03T13:49:11Z","dateupdated":"2017-02-13T18:21:06Z","revision":25,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5","cvss_environmentalscore":"5.04511739268863","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}