
This is the worst vulnerability, and the only one that affected all versions of dnsmasq in supported Red Hat products. To trigger this flaw, an attacker would need to control a malicious domain (eg, ) and send DNS requests to dnsmasq that would cause it to cache replies from that domain. By carefully constructing DNS requests and responses, dnsmasq could be made to overflow an internal buffer on the heap, using content influenced by the attacker. This could potentially be used to achieve code execution.

CVE-2017-14492 and CVE-2017-14493: Critical

These two vulnerabilities exist in IPv6/DHCPv6 functionality, and are also both buffer overflows (heap and stack, respectively). A dnsmasq instance would only be vulnerable to these if DHCP was enabled and it was bound to an IPv6 interface. Either could potentially be used to achieve code execution, although the use of gcc's Stack Smashing Protector (enabled in Red Hat Enterprise Linux 5, 6 and 7) should effectively reduce the impact of CVE-2017-14493 to only a crash. Further, the attacker would need to be in a position to send crafted DHCPv6 or IPv6 Router Advertisement messages to the server - usually requiring administrator (root) privileges on a host on the local network. Since DHCPv6 and IPv6 Router Advertisement support were only introduced after dnsmasq 2.60, versions earlier than this are not affected by this flaw. We have not determined what exact release introduced the vulnerable code, other than that it was prior to dnsmasq version 2.66 (shipped in Red Hat Enterprise Linux 7.2 and 7.3).

Background Information

dnsmasq is a popular lightweight DNS and DHCP server, often used in home networks and cloud environments as a caching DNS stub resolver and to manage DHCP leases. It is provided in Red Hat Enterprise Linux, where it is used directly by applications including libvirt, and in a number of layered products. Many vendors prefer dnsmasq for its low resource consumption, simple configuration and flexibility. While it is not recommended for large-scale deployments or as an authoritative name server, it is commonly used as a local caching resolver and for small-scale LAN and cloud environments.

Six of these vulnerabilities were discovered and disclosed under embargo by Google, and the seventh (CVE-2017-13704) was already public and fixed in the dnsmasq git repository. Some of these affected DHCP functionality while others affected DNS, with impacts ranging from a crash, unbounded resource consumption up to potential code execution. All seven could be triggered by malicious users on the network.

Some of these vulnerabilities require particular options to be enabled to render dnsmasq vulnerable. These options can appear on the command line or in a configuration file:

CVE | Configuration options that render dnsmasq vulnerable
enable-ra slaac ra-only ra-names ra-advrouter ra-stateless
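One way to check a host for the Router Advertisement options listed above, as an added example that is not part of the original advisory. The sample configuration is constructed, the function names are hypothetical, and because the CVE column for this row did not survive on this page, a hit only means the option is in use and the installed dnsmasq version should be checked.

```python
# Added example: audit dnsmasq settings for the RA options listed above.
RA_FLAG = "enable-ra"
RA_MODES = {"slaac", "ra-only", "ra-names", "ra-advrouter", "ra-stateless"}

# Constructed sample configuration (not taken from any real host).
SAMPLE_CONF = """\
# constructed sample
interface=eth0
dhcp-range=192.168.1.50,192.168.1.150,12h
#enable-ra
dhcp-range=2001:db8::, ra-stateless, ra-names
enable-ra   # trailing comment
"""


def find_ra_options(text, source="dnsmasq.conf"):
    """Return (source, line_no, option) for every listed option in use."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key == RA_FLAG:
            hits.append((source, line_no, RA_FLAG))
        elif key == "dhcp-range":
            # RA modes are comma-separated fields of dhcp-range.
            for field in value.split(","):
                if field.strip().lower() in RA_MODES:
                    hits.append((source, line_no, field.strip().lower()))
    return hits


def argv_to_conf(argv):
    """Rewrite command-line options as config lines so one parser serves both."""
    lines, args = [], iter(argv)
    for arg in args:
        if arg in ("--dhcp-range", "-F"):  # value given as the next argument
            lines.append("dhcp-range=" + next(args, ""))
        elif arg.startswith("--"):
            lines.append(arg[2:])
    return "\n".join(lines)


if __name__ == "__main__":
    for src, no, opt in find_ra_options(SAMPLE_CONF):
        print(f"{src}:{no}: {opt}")
```

Run it over each file dnsmasq actually loads, and over the arguments of the running process, since the options can be set in either place.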

These issues were publicly disclosed on Monday, October 2nd, 2017.

Red Hat Product Security has been made aware of several vulnerabilities affecting dnsmasq.
