SV.USAGERULES.SPOOFING
Spoofing security vulnerability
Certain system calls, typically DNS lookups, are vulnerable to spoofing. The SV.USAGERULES.SPOOFING checker flags calls to gethostbyaddr, gethostbyname, and sethostname, which are potential targets of spoofing because their results depend on data supplied by the host server.
Vulnerability and risk
Spoofing allows a malicious user to gain trusted status by poisoning the DNS cache. An example of this vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by an attacker to display a fake URL in the address and status bars. In this case, the vulnerability is caused by an input validation error.
Successful exploitation allows an attacker to display an arbitrary fully qualified domain name (FQDN) in the address and status bars that differs from the actual location of the page. This can trick users into divulging sensitive information, or into downloading and executing malware on their systems, because they trust the faked domain.
Mitigation and prevention
To avoid this vulnerability:
- Make sure all system input is validated properly.
- Use IP addresses rather than DNS names. IP addresses can also be spoofed, but they are generally more reliable than DNS names.
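One way to apply the second point in code, as an added example that is not from this page or from Klocwork: a helper that accepts only numeric IP literals (getaddrinfo with AI_NUMERICHOST, POSIX sockets API assumed) and rejects anything that would require a DNS lookup, so the program never depends on resolver data.

```c
/* Added example, not from the Klocwork page: accept only numeric IP
 * literals so no DNS query is ever made. POSIX sockets API assumed. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>

/* Parse `text` as an IPv4 or IPv6 literal into `out`. Returns 0 on success
 * and -1 for anything else (a DNS name, malformed input), so the caller
 * never silently falls back to a resolver lookup. */
int parse_numeric_host(const char *text, struct sockaddr_storage *out,
                       socklen_t *outlen)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST; /* fail with EAI_NONAME instead of querying DNS */
    if (getaddrinfo(text, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    freeaddrinfo(res);
    return 0;
}

/* Returns AF_INET or AF_INET6 for a numeric literal, -1 if the input
 * would have required a name lookup. */
int numeric_host_family(const char *text)
{
    struct sockaddr_storage ss;
    socklen_t len;
    if (parse_numeric_host(text, &ss, &len) != 0)
        return -1;
    return ss.ss_family;
}

int main(void)
{
    /* constructed sample inputs */
    const char *inputs[] = { "127.0.0.1", "::1", "example.com", "127.0.0.1.evil" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int fam = numeric_host_family(inputs[i]);
        printf("%-16s -> %s\n", inputs[i],
               fam < 0 ? "rejected (would need DNS)" : fam == AF_INET ? "IPv4 literal" : "IPv6 literal");
    }
    return 0;
}
```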
Vulnerable code example
#include <winsock2.h>
#include <ws2tcpip.h>
void foo()
{
    struct hostent *he;
    struct in_addr ipv4addr = { 0 };
    inet_pton(AF_INET, "127.0.0.1", &ipv4addr);
    /* Reverse DNS lookup: the returned host name comes from whatever the
       resolver answers, so a poisoned cache or spoofed reply controls it */
    he = gethostbyaddr((char *)&ipv4addr, sizeof ipv4addr, AF_INET);
}
Fixed code example
#include <winsock2.h>
#include <ws2tcpip.h>
void foo()
{
    struct sockaddr_in sa = { 0 };
    char host[NI_MAXHOST];
    char service[NI_MAXSERV];
    /* Build the address to describe; no name lookup is involved */
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
    /* NI_NUMERICHOST | NI_NUMERICSERV: return the numeric address and port
       without consulting DNS, so the result cannot be spoofed by a resolver */
    if (getnameinfo((struct sockaddr *)&sa, sizeof sa, host, sizeof host,
                    service, sizeof service, NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
        return; /* handle the error instead of using an undefined host string */
    }
}
External guidance
Security training
Application security training materials provided by Secure Code Warrior.