CVE-2023-29483: Eventlet's Vulnerability in Dnspython Paves the Way for "TuDoor" Attacks

A vulnerability identified as CVE-2023-29483 affects eventlet versions before 0.35.2 and dnspython before 2.6.0. It allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port. The result is a "TuDoor" attack, which can hinder accurate DNS name resolution. Notably, dnspython 2.6.0 experienced different issues, which were fixed in version 2.6.1.

Code Snippet

The following code demonstrates the vulnerability within eventlet before version 0.35.2 and dnspython before 2.6.0:

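import eventlet
import dns.resolver  # dnspython is imported as the "dns" package

# Replace blocking standard-library calls with eventlet's cooperative versions
eventlet.monkey_patch()

resolver = dns.resolver.Resolver()
# Placeholder: replace with the IP address of the DNS server being queried
resolver.nameservers = ['targeted_dns_server']
resolver.timeout = 5  # seconds to wait for a reply

# Run the lookup in a greenthread; resolve() replaces the deprecated query()
resolved = eventlet.spawn(resolver.resolve, 'example.com')
eventlet.sleep(0.5)
# Stop the lookup after half a second
resolved.kill()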

The above code uses the eventlet and dnspython libraries to create a resolver object that targets a known DNS server, with a timeout of 5 seconds. When the code runs, it sends a DNS request for the domain 'example.com' to the targeted DNS server in a spawned greenthread, which is then killed with 'resolved.kill()'. While the request is outstanding, an invalid response packet crafted by an attacker can interfere with the DNS resolution process.

Exploit Details

An attacker can carry out a "TuDoor" attack by exploiting the identified vulnerability (CVE-2023-29483). This involves sending an invalid packet from the expected IP address and source port to disrupt the DNS name resolution process. The preferred behavior is for the DNS name resolution algorithm to keep waiting for a valid packet for the full time window. The affected versions do not do this, which is what makes the "TuDoor" attack possible.
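The difference between the two receive behaviors described above, as an added example that is not code from dnspython or eventlet. It is a simplified standard-library model; the function names, the header-only validity check and the loopback packets are assumptions made for illustration.

```python
import socket
import struct
import time

def is_valid_reply(data, txid):
    """Sanity check: full 12-byte DNS header, matching ID, QR (response) bit set."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def recv_first(sock, txid, server, timeout):
    """Fragile pattern: the first datagram received decides the outcome."""
    sock.settimeout(timeout)
    data, addr = sock.recvfrom(4096)
    if addr != server or not is_valid_reply(data, txid):
        raise ValueError("invalid reply, resolution aborted early")
    return data

def recv_until_valid(sock, txid, server, timeout):
    """Hardened pattern: drop invalid datagrams and keep waiting until the deadline."""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("no valid reply within the full window")
        sock.settimeout(remaining)
        try:
            data, addr = sock.recvfrom(4096)
        except socket.timeout:
            raise TimeoutError("no valid reply within the full window")
        if addr == server and is_valid_reply(data, txid):
            return data  # anything else is ignored and the wait continues

def demo(receiver, packets):
    """Loopback run: a stand-in server sends constructed packets to the client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind(("127.0.0.1", 0))
        cli.bind(("127.0.0.1", 0))
        for pkt in packets:
            srv.sendto(pkt, cli.getsockname())
        return receiver(cli, TXID, srv.getsockname(), 0.5)
    finally:
        srv.close()
        cli.close()

TXID = 0x1234                                            # constructed transaction ID
JUNK = b"\x00\x01"                                       # constructed: too short to be DNS
GOOD = struct.pack("!HHHHHH", TXID, 0x8180, 0, 0, 0, 0)  # constructed header-only reply
```

Calling `demo(recv_first, [JUNK, GOOD])` fails on the invalid packet even though the valid reply is already queued behind it, while `demo(recv_until_valid, [JUNK, GOOD])` returns the valid reply.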

To understand the vulnerability in greater depth, please refer to the following references:

1. Eventlet project on GitHub that discusses the related vulnerabilities: https://github.com/eventlet/eventlet/issues/670
2. Dnspython project on GitHub detailing the related issues they faced: https://github.com/rthalley/dnspython/issues/674
3. CVE details for CVE-2023-29483: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29483

Mitigations and Fixes

Eventlet users are recommended to upgrade their eventlet packages to version 0.35.2 or later, while dnspython users should upgrade to version 2.6.1 to prevent these vulnerabilities from being exploited. Users are also encouraged to be cautious of opening or running unknown code or files, as attackers may exploit these vulnerabilities in targeted attacks against specific networks or systems.

Timeline

Published on: 04/11/2024 14:15:12 UTC
Last modified on: 08/27/2024 19:35:04 UTC