Bug 13581

Summary: iodine new security issue CVE-2014-4168
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/603222/
Whiteboard: MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Source RPM: iodine-0.6.0-0.rc1.3.mga4.src.rpm CVE:
Status comment:

Description David Walser 2014-06-23 19:32:18 CEST 
Debian has issued an advisory on June 21:
https://www.debian.org/security/2014/dsa-2964

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated iodine packages fix security vulnerability:

Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a
tool for tunneling IPv4 data through a DNS server. A remote attacker could
provoke a server to accept the rest of the setup or also network traffic by
exploiting this flaw (CVE-2014-4168).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4168
https://www.debian.org/security/2014/dsa-2964
========================

Updated packages in core/updates_testing:
========================
iodine-server-0.6.0-0.rc1.3.mga3
iodine-client-0.6.0-0.rc1.3.mga3
iodine-server-0.6.0-0.rc1.4.mga4
iodine-client-0.6.0-0.rc1.4.mga4

from SRPMS:
iodine-0.6.0-0.rc1.3.mga3.src.rpm
iodine-0.6.0-0.rc1.4.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-06-23 19:32:23 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 claire robinson 2014-06-23 19:49:18 CEST 
Some testing info here: http://code.kryo.se/iodine/README.html

Whiteboard: MGA3TOO => MGA3TOO has_procedure

Comment 2 claire robinson 2014-06-26 16:22:15 CEST 
Testing complete mga4 32 & 64

Followed the Quickstart at the link above.

Installed iodine-server on one and iodine-client on the other.

On the server with IP 192.168.1.3

# iodined -f 10.0.0.1 test.com
Enter password: 
Opened dns0
Setting IP of dns0 to 10.0.0.1
Setting MTU of dns0 to 1130
Opened UDP socket
Listening to dns for domain test.com

Then on the client

# iodine -f -r 192.168.1.3 test.com
Enter password: 
Opened dns0
Opened UDP socket
Sending DNS queries for test.com to 192.168.1.3
Autodetecting DNS query type (use -T to override).
Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #0
Setting IP of dns0 to 10.0.0.2
Setting MTU of dns0 to 1130
Server tunnel IP is 10.0.0.1
Skipping raw mode
Using EDNS0 extension
Switching upstream to codec Base128
Server switched upstream to codec Base128
No alternative downstream codec available, using default (Raw)
Switching to lazy mode for low-latency
Server switched to lazy mode
Autoprobing max downstream fragment size... (skip with -m fragsize)
768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. 1176 ok.. 1188 ok.. will use 1188-2=1186
Setting downstream fragment size to max 1186...
Connection setup complete, transmitting data.


Set similar settings in /etc/sysconfig/iodine-server on the server and started the iodine-server service. did the same in /etc/sysconfig/iodine-client on the client and started the iodine-clinet service.

Checked /var/log/iodine-client.log for errors on the client and iodine-server.log on the server.

Repeated with server and client reversed.

pings to 10.0.0.1 or 10.0.0.2 fail, but there may be some other routing to do first. Ubuntu uses a client script to properly configure things by the looks of it.

Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2014-06-27 17:17:35 CEST 
Testing complete mga3 32 & 64

Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2014-06-27 17:25:34 CEST 
Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2014-06-27 17:40:41 CEST 
Update pushed:
http://advisories.mageia.org/MGASA-2014-0277.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED