Vulnerability CVE-2017-14491


Published: 2017-10-03   Modified: 2017-10-04

Description:
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

See advisories in our WLB2 database:
Topic
Author
Date
High
Dnsmasq < 2.78 2-byte Heap-Based Overflow
Multiple
03.10.2017

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Debian
Product: Debian linux 
Version:
9.0
7.1
7.0
Vendor: Redhat
Product: Enterprise linux desktop 
Version: 7.0; 6.0;
Product: Enterprise linux server 
Version: 7.0; 6.0;
Product: Enterprise linux workstation 
Version: 7.0; 6.0;
Vendor: Novell
Product: LEAP 
Version: 42.3; 42.2;
Vendor: Thekelleys
Product: Dnsmasq 
Version: 2.77;
Vendor: Canonical
Product: Ubuntu linux 
Version:
17.04
16.04
14.04
12.04

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
http://www.debian.org/security/2017/dsa-3989
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
https://access.redhat.com/errata/RHSA-2017:2836
https://access.redhat.com/errata/RHSA-2017:2837
https://access.redhat.com/errata/RHSA-2017:2838
https://access.redhat.com/errata/RHSA-2017:2839
https://access.redhat.com/errata/RHSA-2017:2840
https://access.redhat.com/errata/RHSA-2017:2841
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://security.gentoo.org/glsa/201710-27
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.exploit-db.com/exploits/42941/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Related CVE
CVE-2019-19244
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-18676
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurri...
CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits wi...
CVE-2019-15845
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CVE-2012-6639
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
CVE-2019-3466
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, rela...
CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have ...

Copyright 2019, cxsecurity.com

 

Back to Top