Errata ALT-PU-2017-2387-1: Information
Fixes
Published: Sept. 25, 2017
BDU:2017-02357
Vulnerability in the add_pseudoheader function of the Dnsmasq DNS server that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 25, 2017
BDU:2017-02358
Vulnerability in the Dnsmasq DNS server caused by a stack-based buffer overflow that allows an attacker to cause a denial of service or execute arbitrary code
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 25, 2017
BDU:2017-02359
Vulnerability in the Dnsmasq DNS server caused by a heap-based buffer overflow that allows an attacker to cause a denial of service or execute arbitrary code
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 25, 2017
BDU:2017-02360
Vulnerability in the Dnsmasq DNS server related to a buffer overflow that allows an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Sept. 25, 2017
BDU:2018-00110
Vulnerability in the dnsmasq DNS server related to flaws in the handling of forwarded DHCPv6 requests that allows an attacker to disclose protected information
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Sept. 7, 2017
BDU:2022-07423
Vulnerability in the memset() function of the Dnsmasq DNS server that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- 1039474
- 101085
- https://access.redhat.com/security/vulnerabilities/3199382
- 101977
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- FEDORA-2017-274d763ed8
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
Published: Oct. 4, 2017
Modified: Nov. 7, 2023
CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- 1039474
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- 42941
- 101085
- VU#973527
- https://access.redhat.com/security/vulnerabilities/3199382
- RHSA-2017:2841
- RHSA-2017:2840
- RHSA-2017:2839
- RHSA-2017:2838
- RHSA-2017:2837
- RHSA-2017:2836
- USN-3430-2
- USN-3430-1
- DSA-3989
- openSUSE-SU-2017:2633
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- GLSA-201710-27
- 101977
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
- http://nvidia.custhelp.com/app/answers/detail/a_id/4560
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
- USN-3430-3
- SUSE-SU-2017:2619
- SUSE-SU-2017:2617
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
- http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
- SUSE-SU-2017:2616
- https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
- FEDORA-2017-515264ae24
- FEDORA-2017-24f067299e
- FEDORA-2017-7106a157f5
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- 42942
- 101085
- VU#973527
- https://access.redhat.com/security/vulnerabilities/3199382
- RHSA-2017:2837
- RHSA-2017:2836
- USN-3430-2
- USN-3430-1
- DSA-3989
- openSUSE-SU-2017:2633
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- GLSA-201710-27
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- 1039474
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=24036ea507862c7b7898b68289c8130f85599c10
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-14493
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- 1039474
- 42943
- 101085
- VU#973527
- https://access.redhat.com/security/vulnerabilities/3199382
- RHSA-2017:2837
- RHSA-2017:2836
- USN-3430-2
- USN-3430-1
- DSA-3989
- openSUSE-SU-2017:2633
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- GLSA-201710-27
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- 1039474
- 42944
- VU#973527
- https://access.redhat.com/security/vulnerabilities/3199382
- RHSA-2017:2837
- RHSA-2017:2836
- USN-3430-2
- USN-3430-1
- DSA-3989
- openSUSE-SU-2017:2633
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- GLSA-201710-27
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- 101085
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=33e3f1029c9ec6c63e430ff51063a6301d4b2262
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-14495
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- 1039474
- 42945
- 101085
- VU#973527
- https://access.redhat.com/security/vulnerabilities/3199382
- RHSA-2017:2836
- USN-3430-2
- USN-3430-1
- DSA-3989
- openSUSE-SU-2017:2633
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- 101977
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- GLSA-201710-27
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=51eadb692a5123b9838e5a68ecace3ac579a3a45
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- https://source.android.com/security/bulletin/2017-10-01
- 1039474
- 42946
- 101085
- VU#973527
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- GLSA-201710-27
- 101977
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
- openSUSE-SU-2017:2633
- DSA-3989
- USN-3430-1
- USN-3430-2
- RHSA-2017:2836
- https://access.redhat.com/security/vulnerabilities/3199382
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
- [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
- [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.