JVN#81094176
Android OS may behave as an open resolver
Overview
Android OS contains an issue where it may behave as an open resolver.
Products Affected
- Android OS versions prior to 4.3
Description
A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver.
Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled.
Impact
The Android device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack.
A device is not affected by this issue depending on the network it is connected to. For details, refer to the information provided under "Vendor Status".
Solution
Apply an Update
Apply the update according to the information provided by the provider or developer.
Apply a Workaround
The following workaround may mitigate the affects of this vulnerability.
- Do not connect to an untrusted network or Wi-Fi access point with the tethering function on
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| BUFFALO INC. | Not Vulnerable | 2015/03/27 | |
| Cybozu, Inc. | Not Vulnerable | 2015/03/27 | |
| Disney Mobile on SoftBank | Vulnerable | 2015/03/27 | |
| JT Engineering inc. | Not Vulnerable | 2015/03/27 | |
| KDDI CORPORATION | Vulnerable | 2015/03/27 | |
| NEC Corporation | Not Vulnerable | 2015/03/27 | |
| NTT DOCOMO, INC. | Vulnerable | 2015/06/25 | |
| RICOH COMPANY, LTD. | Not Vulnerable | 2015/03/27 | |
| SoftBank | Vulnerable | 2015/03/27 | |
| Y!mobile | Vulnerable | 2015/03/27 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2015.03.27 (CVSS Base Metrics)
| Measures | Severity | Description | ||
|---|---|---|---|---|
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". |
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions exist. |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) | Authentication is not required to exploit the vulnerability. |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is no impact to the confidentiality of the system. |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is no impact to the integrity of the system. |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is reduced performance or interruptions in resource availability. |
Base Score:2.6
Credit
Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2015-000045 |
Update History
- 2015/05/28
- NTT DOCOMO, INC. update status
- 2015/06/26
- NTT DOCOMO, INC. update status