Vulnerability CVE-2017-14494: Information

Description

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14494
Published: Oct. 3, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dnsmasqsisyphus2.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqp102.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqp92.78-alt12.85-alt2.p9.1ALT-PU-2017-2387-1190404Fixed
dnsmasqp82.78-alt0.M80P.12.78-alt0.M80P.1ALT-PU-2017-2399-1190531Fixed
dnsmasqc10f12.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqc9f22.78-alt12.90-alt1ALT-PU-2017-2387-1190404Fixed
dnsmasqc72.72-alt1.M70C.22.72-alt1.M70C.2ALT-PU-2017-2408-1190552Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
  • Third Party Advisory
http://thekelleys.org.uk/dnsmasq/CHANGELOG
  • Release Notes
  • Vendor Advisory
1039474
  • Third Party Advisory
  • VDB Entry
42944
  • Third Party Advisory
  • VDB Entry
VU#973527
  • Third Party Advisory
  • US Government Resource
https://access.redhat.com/security/vulnerabilities/3199382
  • Issue Tracking
  • Third Party Advisory
RHSA-2017:2837
  • Patch
  • Third Party Advisory
RHSA-2017:2836
  • Patch
  • Third Party Advisory
USN-3430-2
  • Third Party Advisory
USN-3430-1
  • Third Party Advisory
DSA-3989
  • Third Party Advisory
openSUSE-SU-2017:2633
  • Issue Tracking
  • Mailing List
  • Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
    GLSA-201710-27
      https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
        http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
          101085
          • Third Party Advisory
          • VDB Entry
          http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=33e3f1029c9ec6c63e430ff51063a6301d4b2262
            [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.
              [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.

                  1. Configuration 1

                    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
                    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
                    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
                    cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
                    cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
                    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
                    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
                    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
                    cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
                    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
                    cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*

                    Configuration 2

                    cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
                    End including
                    2.77
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.1
                Back to top