SV.USAGERULES.SPOOFING

Spoofing security vulnerability

Certain system calls, typically DNS lookups, are vulnerable to spoofing. The SV.USAGERULES.SPOOFING checker flags calls to gethostbyaddr, gethostbyname, and sethostname, which are potential targets of spoofing because their results depend on data obtained from the name server rather than on data the program controls.

Vulnerability and risk

Spoofing allows a malicious user to gain trusted status by poisoning the DNS cache. An example of this vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by an attacker to display a fake URL in the address and status bars. In this case, the vulnerability is caused by an input validation error.

Successful exploitation allows an attacker to display an arbitrary fully qualified domain name (FQDN) in the address and status bars which is different from the actual location of the page. This practice can trick users into divulging sensitive information, or downloading and executing malware on their systems, because they trust the faked domain.

Mitigation and prevention

To avoid this vulnerability:

  • Make sure all system input is validated properly.
  • Use IP addresses rather than DNS names. IP addresses can also be spoofed but they are generally more reliable than DNS names.
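As an added example that is not part of the checker documentation, the following portable POSIX C code implements the second mitigation: the trust decision is keyed on the peer's numeric address, obtained with getnameinfo() and NI_NUMERICHOST so that no resolver lookup takes place, and compared against a fixed allowlist. The allowlist entries and the sample peer addresses are constructed values, and the function names are the example's own.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Text form of an IPv4 peer address with no reverse DNS lookup: NI_NUMERICHOST
 * makes getnameinfo() skip the resolver, so a poisoned cache or a spoofed PTR
 * record cannot influence the result. Returns 0 on success, -1 on failure. */
int peer_numeric(const struct sockaddr_in *peer, char *out, size_t outlen)
{
    return getnameinfo((const struct sockaddr *)peer, sizeof *peer,
                       out, (socklen_t)outlen, NULL, 0,
                       NI_NUMERICHOST | NI_NUMERICSERV) == 0 ? 0 : -1;
}

/* Trust decision keyed on the numeric address against a fixed allowlist,
 * instead of on a host name returned by gethostbyaddr(). Returns 1 if allowed. */
int peer_is_allowed(const struct sockaddr_in *peer,
                    const char *const allowlist[], size_t n)
{
    char text[NI_MAXHOST];
    if (peer->sin_family != AF_INET || peer_numeric(peer, text, sizeof text) != 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(text, allowlist[i]) == 0)
            return 1;
    return 0;
}

/* Build a sockaddr_in from dotted-quad text (constructed sample input for the
 * demo). Returns 0 on success, -1 if the text is not a valid IPv4 address. */
int make_peer(const char *dotted, unsigned short port, struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    return inet_pton(AF_INET, dotted, &out->sin_addr) == 1 ? 0 : -1;
}

int main(void)
{
    const char *const allow[] = { "127.0.0.1", "10.0.0.5" }; /* constructed */
    struct sockaddr_in peer;
    make_peer("10.0.0.5", 8080, &peer);
    printf("10.0.0.5 allowed: %d\n", peer_is_allowed(&peer, allow, 2));
    return 0;
}
```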

Vulnerable code example

   #include <winsock2.h>
   #include <ws2tcpip.h>

   void foo()
   {
      struct hostent *he;
      struct in_addr ipv4addr = { 0 };

      inet_pton(AF_INET, "127.0.0.1", &ipv4addr);
      /* Reverse lookup: the host name in the returned hostent comes from DNS
         data the program does not control, so trusting it is the flagged risk. */
      he = gethostbyaddr((const char *)&ipv4addr, sizeof ipv4addr, AF_INET);
      (void)he;
   }

Fixed code example

   #include <winsock2.h>
   #include <ws2tcpip.h>

   void foo()
   {
      struct sockaddr_in sa = { 0 };
      char host[NI_MAXHOST];
      char service[NI_MAXSERV];

      /* Build the address to look up (the original left sa uninitialised). */
      sa.sin_family = AF_INET;
      inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);

      /* getnameinfo() writes the result into host. Without NI_NUMERICHOST it
         still performs a reverse lookup; add that flag when only the numeric
         address is wanted. Winsock must be initialised with WSAStartup() first. */
      getnameinfo((struct sockaddr *)&sa, sizeof sa, host, sizeof host,
                  service, sizeof service, NI_NUMERICSERV);
   }

Security training

Application security training materials provided by Secure Code Warrior.