Google gVisor TCP and UDP Header Vulnerability Allows Predictable Source Ports

Vulnerability

A vulnerability in the Google gVisor network stack used by the Fuchsia operating system allows an external attacker to predict TCP and UDP source ports. The issue arises from weaknesses in the algorithm that generates these ports and certain header values: it relies on a pseudo-random number generator (PRNG) that is not cryptographically secure. The vulnerability can be exploited under specific conditions, particularly through the manipulation of network protocol headers.
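
The weakness class described above, as an added Go example that is not gVisor's code and does not reproduce its port-selection algorithm: a source-port picker driven by a seeded, non-cryptographic PRNG next to one that draws each port from the OS CSPRNG. The port range, type names and function names are assumptions made for illustration.

```go
package main

import (
	crand "crypto/rand"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
)

// Assumed ephemeral range for this example: 49152-65535 (16384 ports).
const firstPort, numPorts = 49152, 65536 - 49152

// weakPicker draws source ports from a seeded, non-cryptographic PRNG.
type weakPicker struct{ rng *mrand.Rand }

func newWeakPicker(seed int64) *weakPicker {
	return &weakPicker{rng: mrand.New(mrand.NewSource(seed))}
}

func (w *weakPicker) next() uint16 {
	return uint16(firstPort + w.rng.Intn(numPorts))
}

// strongPort reads the OS CSPRNG per call: no long-lived seed to disclose.
// numPorts is a power of two, so the modulo below introduces no bias.
func strongPort() (uint16, error) {
	var b [4]byte
	if _, err := crand.Read(b[:]); err != nil {
		return 0, err
	}
	return uint16(firstPort + binary.BigEndian.Uint32(b[:])%numPorts), nil
}

// predictedMatches counts how many of a device's next n ports a party that knows the seed gets right.
func predictedMatches(seed int64, n int) int {
	device, observer := newWeakPicker(seed), newWeakPicker(seed)
	hits := 0
	for i := 0; i < n; i++ {
		if device.next() == observer.next() {
			hits++
		}
	}
	return hits
}

func main() {
	fmt.Println("weak picker, ports predicted:", predictedMatches(42, 100), "of 100")
	p, err := strongPort()
	fmt.Println("CSPRNG port:", p, err)
}
```

Every port from the seeded picker is a deterministic function of the seed, which is why disclosure of the seed makes the device's future source ports predictable; the CSPRNG variant has no such state to disclose.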

Impact

Exploitation of this vulnerability allows for the prediction of TCP and UDP source ports, which can be used to track devices across the internet and potentially facilitate other network attacks.

Reproduction

The vulnerability can be reproduced by accessing a website that includes a tracking snippet. This snippet can extract the PRNG seed and hashing key from the device's network stack, which are then used to predict the values of TCP and UDP headers. This can be done through a regular web browser or in 'Incognito' mode, across various networks and devices.

Remediation

Users can update to the latest version of Google gVisor, where this vulnerability has been addressed.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.