Vulnerabilities > CVE-2019-14834
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Vulnerable Configurations
Nessus
NASL family DNS NASL id DNSMASQ_2_81.NASL description The version of dnsmasq installed on the remote host is prior to 2.81. It is, therefore, affected by a denial of service (DoS) vulnerability in last seen 2020-05-15 modified 2020-05-08 plugin id 136411 published 2020-05-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136411 title dnsmasq < 2.81 Denial of Service (DoS) Vulnerability code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(136411); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13"); script_cve_id("CVE-2019-14834"); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"dnsmasq < 2.81 Denial of Service (DoS) Vulnerability"); script_set_attribute(attribute:"synopsis", value: "The remote DNS / DHCP service is affected by DoS vulnerability"); script_set_attribute(attribute:"description", value: "The version of dnsmasq installed on the remote host is prior to 2.81. It is, therefore, affected by a denial of service (DoS) vulnerability in 'helper.c' due to a memory leak. An unauthenticated, remote attacker can exploit this issue, to cause the application to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?19058d2f"); script_set_attribute(attribute:"see_also", value:"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"); script_set_attribute(attribute:"solution", value: "Upgrade to dnsmasq 2.81 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14834"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/08"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:thekelleys:dnsmasq"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"DNS"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("dns_version.nasl"); script_require_keys("dns_server/version", "Settings/ParanoidReport"); script_require_ports("Services/dns", 53); exit(0); } include('audit.inc'); app_name = 'dnsmasq'; port = get_kb_item('Services/udp/dns'); if (!port) port = 53; if (report_paranoia < 2) audit(AUDIT_PARANOID); # dnsmasq replies to BIND.VERSION version = tolower(get_kb_item_or_exit('dns_server/version')); display_version = version; if (version !~ "dnsmasq-(v)?") audit(AUDIT_NOT_LISTEN, app_name, port); version = preg_replace(pattern:"^dnsmasq-(v)?(.*)$", replace:"\2", string:version); if (version == '2') audit(AUDIT_VER_NOT_GRANULAR, app_name, port, display_version); fix = '2.81'; if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0) audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version, 'udp'); report = '\n' + '\n Installed version : ' + display_version + '\n Fixed version : dnsmasq-' + fix + '\n'; security_report_v4(port:port, proto:"udp", severity:SECURITY_WARNING, extra:report);NASL family Fedora Local Security Checks NASL id FEDORA_2020-29B442F83E.NASL description Fixes possible memory leak and regression with multiple dhcp-host lines with different address family and the same mac address Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-05-29 plugin id 136953 published 2020-05-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136953 title Fedora 31 : dnsmasq (2020-29b442f83e) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-29b442f83e. # include("compat.inc"); if (description) { script_id(136953); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2019-14834"); script_xref(name:"FEDORA", value:"2020-29b442f83e"); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"Fedora 31 : dnsmasq (2020-29b442f83e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes possible memory leak and regression with multiple dhcp-host lines with different address family and the same mac address Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-29b442f83e" ); script_set_attribute( attribute:"solution", value:"Update the affected dnsmasq package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14834"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dnsmasq"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"dnsmasq-2.80-15.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1097.NASL description According to the version of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.(CVE-2019-14834) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-09 modified 2020-02-24 plugin id 133898 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133898 title EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2020-1097) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(133898); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id( "CVE-2019-14834" ); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2020-1097)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.(CVE-2019-14834) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1097 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?169343ab"); script_set_attribute(attribute:"solution", value: "Update the affected dnsmasq package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dnsmasq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dnsmasq-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"stig_severity", value:"I"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dnsmasq-2.76-5.h4.eulerosv2r7", "dnsmasq-utils-2.76-5.h4.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2669.NASL description This update for dnsmasq fixes the following issues : Security issues fixed: 	 - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed : - Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). - Removed cache size limit (bsc#1138743). - bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-05-09 modified 2019-12-12 plugin id 131994 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131994 title openSUSE Security Update : dnsmasq (openSUSE-2019-2669) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-2669. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(131994); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id("CVE-2017-15107", "CVE-2019-14834"); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"openSUSE Security Update : dnsmasq (openSUSE-2019-2669)"); script_summary(english:"Check for the openSUSE-2019-2669 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for dnsmasq fixes the following issues : Security issues fixed: 	 - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed : - Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). - Removed cache size limit (bsc#1138743). - bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . This update was imported from the SUSE:SLE-15-SP1:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076958" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138743" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1152539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154849" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156543" ); script_set_attribute( attribute:"solution", value:"Update the affected dnsmasq packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dnsmasq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dnsmasq-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dnsmasq-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dnsmasq-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dnsmasq-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12"); script_set_attribute(attribute:"stig_severity", value:"I"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"dnsmasq-2.78-lp151.5.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"dnsmasq-debuginfo-2.78-lp151.5.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"dnsmasq-debugsource-2.78-lp151.5.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"dnsmasq-utils-2.78-lp151.5.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"dnsmasq-utils-debuginfo-2.78-lp151.5.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq / dnsmasq-debuginfo / dnsmasq-debugsource / dnsmasq-utils / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-3188-1.NASL description This update for dnsmasq fixes the following issues : Security issues fixed : CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed: Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). Removed cache size limit (bsc#1138743). Included config files from /etc/dnsmasq.d/*.conf (bsc#1152539). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-09 modified 2019-12-06 plugin id 131757 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131757 title SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2019:3188-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:3188-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(131757); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id("CVE-2017-15107", "CVE-2019-14834"); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2019:3188-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for dnsmasq fixes the following issues : Security issues fixed : CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed: Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). Removed cache size limit (bsc#1138743). Included config files from /etc/dnsmasq.d/*.conf (bsc#1152539). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076958" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138743" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1152539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1154849" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1156543" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15107/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14834/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20193188-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d811f807" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-3188=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-3188=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dnsmasq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dnsmasq-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dnsmasq-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dnsmasq-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dnsmasq-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/06"); script_set_attribute(attribute:"stig_severity", value:"I"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-debugsource-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-utils-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-utils-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"dnsmasq-debugsource-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-debugsource-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-utils-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-utils-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-debuginfo-2.78-3.8.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"dnsmasq-debugsource-2.78-3.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1530.NASL description According to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.(CVE-2019-14834) - A vulnerability was found in Dnsmasq last seen 2020-05-09 modified 2020-05-01 plugin id 136233 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136233 title EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2020-1530) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(136233); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id( "CVE-2017-15107", "CVE-2019-14834" ); script_xref(name:"IAVA", value:"2020-A-0194"); script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2020-1530)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.(CVE-2019-14834) - A vulnerability was found in Dnsmasq's implementation of DNSSEC. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.(CVE-2017-15107) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1530 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6266d092"); script_set_attribute(attribute:"solution", value: "Update the affected dnsmasq packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dnsmasq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dnsmasq-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0"); script_set_attribute(attribute:"stig_severity", value:"I"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["dnsmasq-2.76-5.h5", "dnsmasq-utils-2.76-5.h5"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0419-1.NASL description This update for dnsmasq fixes the following issues : Security issue fixed : CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Other issue addressed: Removed cache size limit (bsc#1138743). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-09 modified 2020-02-20 plugin id 133837 published 2020-02-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133837 title SUSE SLED12 / SLES12 Security Update : dnsmasq (SUSE-SU-2020:0419-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0265_DNSMASQ.NASL description An update of the dnsmasq package has been released. last seen 2020-05-09 modified 2020-01-29 plugin id 133301 published 2020-01-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133301 title Photon OS 1.0: Dnsmasq PHSA-2020-1.0-0265 NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-3189-1.NASL description This update for dnsmasq fixes the following issues : Security issues fixed : CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed: Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). Removed cache size limit (bsc#1138743). bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-09 modified 2019-12-06 plugin id 131758 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131758 title SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2019:3189-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1378.NASL description According to the version of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.(CVE-2019-14834) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-09 modified 2020-04-15 plugin id 135507 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135507 title EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2020-1378)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14834
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14834
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU474LT66BHNVFG5C4GEV3VTZNAEJ3BS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU474LT66BHNVFG5C4GEV3VTZNAEJ3BS/