Vulnerabilities > CVE-2017-14491 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Vulnerable Configurations

Part Description Count
Application
Thekelleys
105
Application
Suse
3
Application
Nvidia
17
Application
Synology
4
OS
Redhat
6
OS
Canonical
5
OS
Debian
4
OS
Opensuse
2
OS
Suse
3
OS
Nvidia
2
OS
Microsoft
1
OS
Huawei
1
OS
Arista
37
OS
Siemens
14
OS
Arubanetworks
50
Hardware
Nvidia
2
Hardware
Huawei
1
Hardware
Siemens
4

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionDnsmasq < 2.78 - 2-byte Heap-Based Overflow. CVE-2017-14491. Dos exploit for Multiple platform
fileexploits/multiple/dos/42941.py
idEDB-ID:42941
last seen2017-10-02
modified2017-10-02
platformmultiple
port
published2017-10-02
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42941/
titleDnsmasq < 2.78 - 2-byte Heap-Based Overflow
typedos

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2617-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103638
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103638
    titleSUSE SLES11 Security Update : dnsmasq (SUSE-SU-2017:2617-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0035_DNSMASQ.NASL
    descriptionAn update of the dnsmasq package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121733
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121733
    titlePhoton OS 1.0: Dnsmasq PHSA-2017-0035
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-515264AE24.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-24
    plugin id104110
    published2017-10-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104110
    titleFedora 25 : dnsmasq (2017-515264ae24)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2618-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103639
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103639
    titleSUSE SLED12 / SLES12 Security Update : dnsmasq (SUSE-SU-2017:2618-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2616-1.NASL
    descriptionThis update for dnsmasq fixes the following issues. Remedy the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] - Prevent a man-in-the-middle attack (bsc#972164, fate#321175). Furthermore, the following issues have been fixed : - Fix DHCP relaying, broken in 2.76 and 2.77. - Update to version 2.78 (fate#321175, fate#322030, bsc#1035227). - Fix PXE booting for UEFI architectures (fate#322030). - Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537) - Build with support for DNSSEC (fate#318323, bsc#908137). Please note that this update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103637
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103637
    titleSUSE SLES12 Security Update : dnsmasq (SUSE-SU-2017:2616-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1116.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-10-03
    plugin id103623
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103623
    titleopenSUSE Security Update : dnsmasq (openSUSE-2017-1116)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7106A157F5.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105901
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105901
    titleFedora 27 : dnsmasq (2017-7106a157f5)
  • NASL familyFirewalls
    NASL idPFSENSE_2_3_5.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-05-09
    modified2018-04-13
    plugin id109037
    published2018-04-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109037
    titlepfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0035.NASL
    descriptionAn update of [dnsmasq] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111884
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111884
    titlePhoton OS 1.0: Dnsmasq PHSA-2017-0035 (deprecated)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3989.NASL
    descriptionFelix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code.
    last seen2020-05-09
    modified2017-10-03
    plugin id103608
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103608
    titleDebian DSA-3989-1 : dnsmasq - security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2838.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-05-09
    modified2017-10-03
    plugin id103606
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103606
    titleCentOS 6 : dnsmasq (CESA-2017:2838)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2836.NASL
    descriptionFrom Red Hat Security Advisory 2017:2836 : An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103625
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103625
    titleOracle Linux 7 : dnsmasq (ELSA-2017-2836)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1251.NASL
    descriptionA memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
    last seen2020-06-01
    modified2020-06-02
    plugin id126963
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126963
    titleAmazon Linux 2 : dnsmasq (ALAS-2019-1251)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-24F067299E.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103888
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103888
    titleFedora 26 : dnsmasq (2017-24f067299e)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171002_DNSMASQ_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra- names, ra-advrouter, or ra-stateless. (CVE-2017-14492) - A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add- subnet. (CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add- subnet. (CVE-2017-14496)
    last seen2020-05-09
    modified2017-10-03
    plugin id103635
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103635
    titleScientific Linux Security Update : dnsmasq on SL7.x x86_64 (20171002)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2839.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-05-09
    modified2017-10-03
    plugin id103631
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103631
    titleRHEL 6 : dnsmasq (RHSA-2017:2839)
  • NASL familyDNS
    NASL idDNSMASQ_2_78.NASL
    descriptionThe version of dnsmasq installed on the remote host is prior to 2.78, and thus, is affected by the following vulnerabilities : - Denial of service related to handling DNS queries exceeding 512 bytes. (CVE-2017-13704) - Heap overflow related to handling DNS requests. (CVE-2017-14491) - Heap overflow related to IPv6 router advertisement handling. (CVE-2017-14492) - Stack overflow related to DHCPv6 request handling. (CVE-2017-14493) - Memory disclosure related to DHCPv6 packet handling. (CVE-2017-14494) - Denial of service related to handling DNS queries. (CVE-2017-14495) - Denial of service related to handling DNS queries. (CVE-2017-14496)
    last seen2020-05-09
    modified2017-10-03
    plugin id103647
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103647
    titlednsmasq < 2.78 Multiple Remote Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1240.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-10-13
    plugin id103821
    published2017-10-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103821
    titleEulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2017-1240)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1380.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.(CVE-2017-14494) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14496) - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.(CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.(CVE-2017-14492) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code.(CVE-2017-14493) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124883
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124883
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : dnsmasq (EulerOS-SA-2019-1380)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1124.NASL
    descriptionFelix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code. For Debian 7
    last seen2020-05-09
    modified2017-10-09
    plugin id103709
    published2017-10-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103709
    titleDebian DLA-1124-1 : dnsmasq security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2840.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-05-09
    modified2017-10-03
    plugin id103632
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103632
    titleRHEL 5 : dnsmasq (RHSA-2017:2840)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2836.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103628
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103628
    titleRHEL 7 : dnsmasq (RHSA-2017:2836)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0112_DNSMASQ.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has dnsmasq packages installed that are affected by a vulnerability: - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127349
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127349
    titleNewStart CGSL MAIN 4.05 : dnsmasq Vulnerability (NS-SA-2019-0112)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2837.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Extended Update Support and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103629
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103629
    titleRHEL 7 : dnsmasq (RHSA-2017:2837)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201710-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201710-27 (Dnsmasq: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact : A remote attacker could execute arbitrary code or cause a Denial of Service condition via crafted DNS, IPv6, or DHCPv6 packets. Workaround : There is no known workaround at this time.
    last seen2020-05-09
    modified2017-10-23
    plugin id104070
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104070
    titleGLSA-201710-27 : Dnsmasq: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B77B5646A77811E7AC58B499BAEBFEAF.NASL
    descriptionGoogle Project Zero reports : - CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted. - CVE-2017-14492: Heap based overflow. - CVE-2017-14493: Stack Based overflow. - CVE-2017-14494: Information Leak - CVE-2017-14495: Lack of free() - CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy. - CVE-2017-13704: Crash on large DNS query
    last seen2020-05-09
    modified2017-10-03
    plugin id103620
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103620
    titleFreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-2838.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119230
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119230
    titleVirtuozzo 6 : dnsmasq / dnsmasq-utils (VZLSA-2017-2838)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2838.NASL
    descriptionFrom Red Hat Security Advisory 2017:2838 : An update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id103626
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103626
    titleOracle Linux 6 : dnsmasq (ELSA-2017-2838)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2838.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-05-09
    modified2017-10-03
    plugin id103630
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103630
    titleRHEL 6 : dnsmasq (RHSA-2017:2838)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1239.NASL
    descriptionAccording to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-10-13
    plugin id103820
    published2017-10-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103820
    titleEulerOS 2.0 SP1 : dnsmasq (EulerOS-SA-2017-1239)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1423.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.(CVE-2017-14492) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.(CVE-2017-14494) - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.(CVE-2017-14491) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14496) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code.(CVE-2017-14493) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124926
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124926
    titleEulerOS Virtualization 3.0.1.0 : dnsmasq (EulerOS-SA-2019-1423)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-907.NASL
    descriptionInformation leak in the DHCPv6 relay code An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) Memory exhaustion vulnerability in the EDNS0 code A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) Integer underflow leading to buffer over-read in the EDNS0 code An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Heap overflow in the code responsible for building DNS replies A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Heap overflow in the IPv6 router advertisement code A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) Stack buffer overflow in the DHCPv6 code A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493)
    last seen2020-05-09
    modified2017-10-03
    plugin id103604
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103604
    titleAmazon Linux AMI : dnsmasq (ALAS-2017-907)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-275-01.NASL
    descriptionNew dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103599
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103599
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2017-275-01)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171002_DNSMASQ_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
    last seen2020-05-09
    modified2017-10-03
    plugin id103634
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103634
    titleScientific Linux Security Update : dnsmasq on SL6.x i386/x86_64 (20171002)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3430-1.NASL
    descriptionFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103641
    published2017-10-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103641
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : dnsmasq vulnerabilities (USN-3430-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2836.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103605
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103605
    titleCentOS 7 : dnsmasq (CESA-2017:2836)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2619-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103640
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103640
    titleSUSE SLES11 Security Update : dnsmasq (SUSE-SU-2017:2619-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0160.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2017-14491) - Resolves: #1154953 - use both SO_REUSEADDR and SO_REUSEPORT - Resolves: #1288617 - add missing patch file - Resolves: #1288617 - dnsmasq: Non-interactive startup might lead to 100% cpu &nbsp consumption
    last seen2020-06-01
    modified2020-06-02
    plugin id103627
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103627
    titleOracleVM 3.4 : dnsmasq (OVMSA-2017-0160)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2841.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
    last seen2020-05-09
    modified2017-10-03
    plugin id103633
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103633
    titleRHEL 5 : dnsmasq (RHSA-2017:2841)
  • NASL familyMisc.
    NASL idARISTA_EOS_SA0030.NASL
    descriptionThe version of Arista Networks EOS running on the remote device is affected by a heap-based buffer overflow in dnsmasq. This vulnerability allows a remote, unauthenticated attacker to run arbitrary code, create a denial of service (DoS) or an out of memory situation. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-17
    modified2020-02-19
    plugin id133801
    published2020-02-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133801
    titleArista Networks EOS DNS 2 byte heap based overflow RCE (SA0030)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144480/dnsmasq2byte-overflow.txt
idPACKETSTORM:144480
last seen2017-10-03
published2017-10-02
reporterGoogle Security Research
sourcehttps://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
titleDnsmasq 2-Byte Heap-Based Overflow

Redhat

advisories
  • bugzilla
    id1495409
    titleCVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentdnsmasq-utils is earlier than 0:2.48-18.el6_9
            ovaloval:com.redhat.rhsa:tst:20172838001
          • commentdnsmasq-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20172117002
        • AND
          • commentdnsmasq is earlier than 0:2.48-18.el6_9
            ovaloval:com.redhat.rhsa:tst:20172838003
          • commentdnsmasq is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20172117004
    rhsa
    idRHSA-2017:2838
    released2017-10-02
    severityCritical
    titleRHSA-2017:2838: dnsmasq security update (Critical)
  • bugzilla
    id1495409
    titleCVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentdnsmasq is earlier than 0:2.45-2.el5_11.1
        ovaloval:com.redhat.rhsa:tst:20172840001
      • commentdnsmasq is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20080789002
    rhsa
    idRHSA-2017:2840
    released2017-10-02
    severityCritical
    titleRHSA-2017:2840: dnsmasq security update (Critical)
  • rhsa
    idRHSA-2017:2836
  • rhsa
    idRHSA-2017:2837
  • rhsa
    idRHSA-2017:2839
  • rhsa
    idRHSA-2017:2841
rpms
  • dnsmasq-0:2.76-2.el7_4.2
  • dnsmasq-debuginfo-0:2.76-2.el7_4.2
  • dnsmasq-utils-0:2.76-2.el7_4.2
  • dnsmasq-0:2.66-14.el7_2.2
  • dnsmasq-0:2.66-21.el7_3.2
  • dnsmasq-debuginfo-0:2.66-14.el7_2.2
  • dnsmasq-debuginfo-0:2.66-21.el7_3.2
  • dnsmasq-utils-0:2.66-14.el7_2.2
  • dnsmasq-utils-0:2.66-21.el7_3.2
  • dnsmasq-0:2.48-18.el6_9
  • dnsmasq-debuginfo-0:2.48-18.el6_9
  • dnsmasq-utils-0:2.48-18.el6_9
  • dnsmasq-0:2.48-13.el6_4.1
  • dnsmasq-0:2.48-13.el6_5.1
  • dnsmasq-0:2.48-14.el6_6.1
  • dnsmasq-0:2.48-16.el6_7.1
  • dnsmasq-0:2.48-5.el6_2.2
  • dnsmasq-debuginfo-0:2.48-13.el6_4.1
  • dnsmasq-debuginfo-0:2.48-13.el6_5.1
  • dnsmasq-debuginfo-0:2.48-14.el6_6.1
  • dnsmasq-debuginfo-0:2.48-16.el6_7.1
  • dnsmasq-debuginfo-0:2.48-5.el6_2.2
  • dnsmasq-utils-0:2.48-13.el6_4.1
  • dnsmasq-utils-0:2.48-13.el6_5.1
  • dnsmasq-utils-0:2.48-14.el6_6.1
  • dnsmasq-utils-0:2.48-16.el6_7.1
  • dnsmasq-0:2.45-2.el5_11.1
  • dnsmasq-debuginfo-0:2.45-2.el5_11.1
  • dnsmasq-0:2.45-2.el5_9.1
  • dnsmasq-debuginfo-0:2.45-2.el5_9.1

Seebug

bulletinFamilyexploit
description#### 1) Build the docker and open three terminals ``` docker build -t dnsmasq . docker run --rm -t -i --name dnsmasq_test dnsmasq bash docker cp poc.py dnsmasq_test:/poc.py docker exec -it <container_id> bash docker exec -it <container_id> bash ``` #### 2) On one terminal let’s launch attacker controlled DNS server: ``` # python poc.py 127.0.0.2 53 Listening at 127.0.0.2:53 ``` 3) On another terminal let’s launch dnsmasq forwarding queries to attacker controlled DNS: ``` # /testing/dnsmasq/src/dnsmasq -p 53535 --no-daemon --log-queries -S 127.0.0.2 --no-hosts --no-resolv dnsmasq: started, version 2.78test2-8-ga3303e1 cachesize 150 dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dnsmasq: using nameserver 127.0.0.2#53 dnsmasq: cleared cache ``` #### 4) Let’s fake a client making a request twice (or more) so we hit the dnsmasq cache: ``` # dig @localhost -p 53535 -x 8.8.8.125 > /dev/null # dig @localhost -p 53535 -x 8.8.8.125 > /dev/null ``` #### 5) The crash might not be triggered on the first try due to the non-deterministic order of the dnsmasq cache. Restarting dnsmasq and retrying should be sufficient to trigger a crash.
idSSV:96618
last seen2017-11-19
modified2017-10-09
published2017-10-09
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-96618
titleDnsmasq Heap based overflow(CVE-2017-14491)

The Hacker News

idTHN:D2096A5FA799B07E97FD2767D8E6C641
last seen2018-01-27
modified2017-10-03
published2017-10-02
reporterMohit Kumar
sourcehttps://thehackernews.com/2017/10/dnsmasq-network-services.html
titleGoogle Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

References