Vulnerabilities > CVE-2017-14496 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
redhat
google
debian
novell
canonical
thekelleys
CWE-191
nessus
exploit available

Summary

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Vulnerable Configurations

Part Description Count
OS
Redhat
3
OS
Google
9
OS
Debian
3
OS
Novell
2
OS
Canonical
3
Application
Thekelleys
105

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionDnsmasq < 2.78 - Integer Underflow. CVE-2017-14496. Dos exploit for Multiple platform
fileexploits/multiple/dos/42946.py
idEDB-ID:42946
last seen2017-10-04
modified2017-10-02
platformmultiple
port
published2017-10-02
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42946/
titleDnsmasq < 2.78 - Integer Underflow
typedos

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2617-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103638
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103638
    titleSUSE SLES11 Security Update : dnsmasq (SUSE-SU-2017:2617-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0035_DNSMASQ.NASL
    descriptionAn update of the dnsmasq package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121733
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121733
    titlePhoton OS 1.0: Dnsmasq PHSA-2017-0035
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-515264AE24.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-24
    plugin id104110
    published2017-10-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104110
    titleFedora 25 : dnsmasq (2017-515264ae24)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2618-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103639
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103639
    titleSUSE SLED12 / SLES12 Security Update : dnsmasq (SUSE-SU-2017:2618-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2616-1.NASL
    descriptionThis update for dnsmasq fixes the following issues. Remedy the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] - Prevent a man-in-the-middle attack (bsc#972164, fate#321175). Furthermore, the following issues have been fixed : - Fix DHCP relaying, broken in 2.76 and 2.77. - Update to version 2.78 (fate#321175, fate#322030, bsc#1035227). - Fix PXE booting for UEFI architectures (fate#322030). - Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537) - Build with support for DNSSEC (fate#318323, bsc#908137). Please note that this update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103637
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103637
    titleSUSE SLES12 Security Update : dnsmasq (SUSE-SU-2017:2616-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1116.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-10-03
    plugin id103623
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103623
    titleopenSUSE Security Update : dnsmasq (openSUSE-2017-1116)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7106A157F5.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105901
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105901
    titleFedora 27 : dnsmasq (2017-7106a157f5)
  • NASL familyFirewalls
    NASL idPFSENSE_2_3_5.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-05-09
    modified2018-04-13
    plugin id109037
    published2018-04-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109037
    titlepfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0035.NASL
    descriptionAn update of [dnsmasq] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111884
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111884
    titlePhoton OS 1.0: Dnsmasq PHSA-2017-0035 (deprecated)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3989.NASL
    descriptionFelix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code.
    last seen2020-05-09
    modified2017-10-03
    plugin id103608
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103608
    titleDebian DSA-3989-1 : dnsmasq - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2836.NASL
    descriptionFrom Red Hat Security Advisory 2017:2836 : An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103625
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103625
    titleOracle Linux 7 : dnsmasq (ELSA-2017-2836)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1251.NASL
    descriptionA memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
    last seen2020-06-01
    modified2020-06-02
    plugin id126963
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126963
    titleAmazon Linux 2 : dnsmasq (ALAS-2019-1251)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-24F067299E.NASL
    descriptionCVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103888
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103888
    titleFedora 26 : dnsmasq (2017-24f067299e)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171002_DNSMASQ_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra- names, ra-advrouter, or ra-stateless. (CVE-2017-14492) - A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add- subnet. (CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add- subnet. (CVE-2017-14496)
    last seen2020-05-09
    modified2017-10-03
    plugin id103635
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103635
    titleScientific Linux Security Update : dnsmasq on SL7.x x86_64 (20171002)
  • NASL familyDNS
    NASL idDNSMASQ_2_78.NASL
    descriptionThe version of dnsmasq installed on the remote host is prior to 2.78, and thus, is affected by the following vulnerabilities : - Denial of service related to handling DNS queries exceeding 512 bytes. (CVE-2017-13704) - Heap overflow related to handling DNS requests. (CVE-2017-14491) - Heap overflow related to IPv6 router advertisement handling. (CVE-2017-14492) - Stack overflow related to DHCPv6 request handling. (CVE-2017-14493) - Memory disclosure related to DHCPv6 packet handling. (CVE-2017-14494) - Denial of service related to handling DNS queries. (CVE-2017-14495) - Denial of service related to handling DNS queries. (CVE-2017-14496)
    last seen2020-05-09
    modified2017-10-03
    plugin id103647
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103647
    titlednsmasq < 2.78 Multiple Remote Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1380.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.(CVE-2017-14494) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14496) - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.(CVE-2017-14491) - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.(CVE-2017-14492) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code.(CVE-2017-14493) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124883
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124883
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : dnsmasq (EulerOS-SA-2019-1380)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2836.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103628
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103628
    titleRHEL 7 : dnsmasq (RHSA-2017:2836)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201710-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201710-27 (Dnsmasq: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details. Impact : A remote attacker could execute arbitrary code or cause a Denial of Service condition via crafted DNS, IPv6, or DHCPv6 packets. Workaround : There is no known workaround at this time.
    last seen2020-05-09
    modified2017-10-23
    plugin id104070
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104070
    titleGLSA-201710-27 : Dnsmasq: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B77B5646A77811E7AC58B499BAEBFEAF.NASL
    descriptionGoogle Project Zero reports : - CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted. - CVE-2017-14492: Heap based overflow. - CVE-2017-14493: Stack Based overflow. - CVE-2017-14494: Information Leak - CVE-2017-14495: Lack of free() - CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy. - CVE-2017-13704: Crash on large DNS query
    last seen2020-05-09
    modified2017-10-03
    plugin id103620
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103620
    titleFreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1285.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) As this issue only affects configurations using the add-mac, add-cpe-id, or add-subnet options, and these are not enabled by default in dnsmasq on EulerOS, this vulnerability may not actively affect the system at this time, but has the potential to do so if the configuration changes. Updating the version of these packages is the safest course of action. Note that Tenable Network Security has extracted most of the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117729
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117729
    titleEulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1423.NASL
    descriptionAccording to the versions of the dnsmasq packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.(CVE-2017-14492) - An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.(CVE-2017-14494) - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.(CVE-2017-14491) - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14495) - An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.(CVE-2017-14496) - A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code.(CVE-2017-14493) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124926
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124926
    titleEulerOS Virtualization 3.0.1.0 : dnsmasq (EulerOS-SA-2019-1423)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-907.NASL
    descriptionInformation leak in the DHCPv6 relay code An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) Memory exhaustion vulnerability in the EDNS0 code A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) Integer underflow leading to buffer over-read in the EDNS0 code An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Heap overflow in the code responsible for building DNS replies A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Heap overflow in the IPv6 router advertisement code A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) Stack buffer overflow in the DHCPv6 code A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493)
    last seen2020-05-09
    modified2017-10-03
    plugin id103604
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103604
    titleAmazon Linux AMI : dnsmasq (ALAS-2017-907)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-275-01.NASL
    descriptionNew dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103599
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103599
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2017-275-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3430-1.NASL
    descriptionFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103641
    published2017-10-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103641
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : dnsmasq vulnerabilities (USN-3430-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2836.NASL
    descriptionAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es) : * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492) * A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493) * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494) * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495) * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
    last seen2020-05-09
    modified2017-10-03
    plugin id103605
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103605
    titleCentOS 7 : dnsmasq (CESA-2017:2836)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2619-1.NASL
    descriptionThis update for dnsmasq fixes the following security issues : - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update brings a (small) potential incompatibility in the handling of
    last seen2020-05-09
    modified2017-10-03
    plugin id103640
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103640
    titleSUSE SLES11 Security Update : dnsmasq (SUSE-SU-2017:2619-1)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144462/dnsmask-underflow.txt
idPACKETSTORM:144462
last seen2017-10-03
published2017-10-02
reporterGoogle Security Research
sourcehttps://packetstormsecurity.com/files/144462/Dnsmasq-Integer-Underflow.html
titleDnsmasq Integer Underflow

Redhat

advisories
bugzilla
id1495416
titleCVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentdnsmasq-utils is earlier than 0:2.76-2.el7_4.2
          ovaloval:com.redhat.rhsa:tst:20172836001
        • commentdnsmasq-utils is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20172117002
      • AND
        • commentdnsmasq is earlier than 0:2.76-2.el7_4.2
          ovaloval:com.redhat.rhsa:tst:20172836003
        • commentdnsmasq is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20172117004
rhsa
idRHSA-2017:2836
released2017-10-02
severityCritical
titleRHSA-2017:2836: dnsmasq security update (Critical)
rpms
  • dnsmasq-0:2.76-2.el7_4.2
  • dnsmasq-debuginfo-0:2.76-2.el7_4.2
  • dnsmasq-utils-0:2.76-2.el7_4.2

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:96623
last seen2017-11-19
modified2017-10-09
published2017-10-09
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-96623
titleDnsmasq DoS Vulnerability(CVE-2017-14496)

The Hacker News

idTHN:D2096A5FA799B07E97FD2767D8E6C641
last seen2018-01-27
modified2017-10-03
published2017-10-02
reporterMohit Kumar
sourcehttps://thehackernews.com/2017/10/dnsmasq-network-services.html
titleGoogle Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

References