Vulnerability CVE-2017-14491


Published: 2017-10-03   Modified: 2017-10-04

Description:
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

See advisories in our WLB2 database:
Topic
Author
Date
High
Dnsmasq < 2.78 2-byte Heap-Based Overflow
Multiple
03.10.2017

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Debian
Product: Debian linux 
Version:
9.0
7.1
7.0
Vendor: Redhat
Product: Enterprise linux desktop 
Version: 7.0; 6.0;
Product: Enterprise linux server 
Version: 7.0; 6.0;
Product: Enterprise linux workstation 
Version: 7.0; 6.0;
Vendor: Novell
Product: LEAP 
Version: 42.3; 42.2;
Vendor: Thekelleys
Product: Dnsmasq 
Version: 2.77;
Vendor: Canonical
Product: Ubuntu linux 
Version:
17.04
16.04
14.04
12.04

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.debian.org/security/2017/dsa-3989
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
https://access.redhat.com/errata/RHSA-2017:2836
https://access.redhat.com/errata/RHSA-2017:2837
https://access.redhat.com/errata/RHSA-2017:2838
https://access.redhat.com/errata/RHSA-2017:2839
https://access.redhat.com/errata/RHSA-2017:2840
https://access.redhat.com/errata/RHSA-2017:2841
https://access.redhat.com/security/vulnerabilities/3199382
https://security.gentoo.org/glsa/201710-27
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.exploit-db.com/exploits/42941/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Related CVE
CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain...
CVE-2017-14179
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root priv...
CVE-2017-14177
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileg...
CVE-2017-16612
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcur...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
CVE-2017-14746
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1622...

Copyright 2018, cxsecurity.com

 

Back to Top