Dnsmasq is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass ASLR, gain sensitive information, or cause a denial-of-service condition.
Versions prior to Dnsmasq 2.78 are vulnerable.
Information
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-13704
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Thekelleys Dnsmasq 1.2.2
Thekelleys Dnsmasq 2.77
Thekelleys Dnsmasq 2.75
Thekelleys Dnsmasq 2.72
Thekelleys Dnsmasq 2.71
Thekelleys Dnsmasq 2.70
Thekelleys Dnsmasq 2.7
Thekelleys Dnsmasq 2.65
Thekelleys Dnsmasq 2.64
Thekelleys Dnsmasq 2.63
Thekelleys Dnsmasq 2.62
Thekelleys Dnsmasq 2.61
Thekelleys Dnsmasq 2.60
Thekelleys Dnsmasq 2.6
Thekelleys Dnsmasq 2.59
Thekelleys Dnsmasq 2.58
Thekelleys Dnsmasq 2.57
Thekelleys Dnsmasq 2.56
Thekelleys Dnsmasq 2.55
Thekelleys Dnsmasq 2.54
Thekelleys Dnsmasq 2.53
Thekelleys Dnsmasq 2.52
Thekelleys Dnsmasq 2.51
Thekelleys Dnsmasq 2.50
Thekelleys Dnsmasq 2.49
Thekelleys Dnsmasq 2.48
Thekelleys Dnsmasq 2.47
Thekelleys Dnsmasq 2.46
Thekelleys Dnsmasq 2.45
Thekelleys Dnsmasq 2.44
Thekelleys Dnsmasq 2.43
Thekelleys Dnsmasq 2.42
Thekelleys Dnsmasq 2.41
Thekelleys Dnsmasq 2.40
Thekelleys Dnsmasq 2.4
Thekelleys Dnsmasq 2.38
Thekelleys Dnsmasq 2.37
Thekelleys Dnsmasq 2.36
Thekelleys Dnsmasq 2.35
Thekelleys Dnsmasq 2.34
Thekelleys Dnsmasq 2.33
Thekelleys Dnsmasq 2.30
Thekelleys Dnsmasq 2.29
Thekelleys Dnsmasq 2.28
Thekelleys Dnsmasq 2.27
Thekelleys Dnsmasq 2.26
Thekelleys Dnsmasq 2.25
Thekelleys Dnsmasq 2.24
Thekelleys Dnsmasq 2.23
Thekelleys Dnsmasq 2.22
Thekelleys Dnsmasq 2.21
Thekelleys Dnsmasq 2.20
Thekelleys Dnsmasq 2.2
Thekelleys Dnsmasq 2.19
Thekelleys Dnsmasq 2.18
Thekelleys Dnsmasq 2.17
Thekelleys Dnsmasq 2.16
Thekelleys Dnsmasq 2.15
Thekelleys Dnsmasq 2.14
Thekelleys Dnsmasq 2.13
Thekelleys Dnsmasq 2.12
Thekelleys Dnsmasq 2.11
Thekelleys Dnsmasq 2.10
Thekelleys Dnsmasq 1.9
Thekelleys Dnsmasq 1.8
Thekelleys Dnsmasq 1.6
Thekelleys Dnsmasq 1.5
Thekelleys Dnsmasq 1.4
Thekelleys Dnsmasq 1.3
Thekelleys Dnsmasq 1.18
Thekelleys Dnsmasq 1.17
Thekelleys Dnsmasq 1.16
Thekelleys Dnsmasq 1.15
Thekelleys Dnsmasq 1.14
Thekelleys Dnsmasq 1.13
Thekelleys Dnsmasq 1.12
Thekelleys Dnsmasq 1.11
Thekelleys Dnsmasq 1.10
Thekelleys Dnsmasq 1.0
Thekelleys Dnsmasq 0.996
Thekelleys Dnsmasq 0.992
Thekelleys Dnsmasq 0.98
Thekelleys Dnsmasq 0.96
Thekelleys Dnsmasq 0.95
Thekelleys Dnsmasq 0.7
Thekelleys Dnsmasq 0.6
Thekelleys Dnsmasq 0.5
Thekelleys Dnsmasq 0.4
Slackware Slackware Linux 14.2
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.1
Slackware Slackware Linux 13.0
Redhat Enterprise Linux Workstation Optional 7
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server TUS 6.6
Redhat Enterprise Linux Server TUS 6.5
Redhat Enterprise Linux Server Optional EUS 7.3
Redhat Enterprise Linux Server Optional EUS 7.2
Redhat Enterprise Linux Server Optional EUS 6.5
Redhat Enterprise Linux Server Optional AUS 6.6
Redhat Enterprise Linux Server Optional AUS 6.5
Redhat Enterprise Linux Server Optional AUS 6.4
Redhat Enterprise Linux Server Optional 7
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server for ARM 7
Redhat Enterprise Linux Server EUS 7.3
Redhat Enterprise Linux Server EUS 7.2
Redhat Enterprise Linux Server AUS 6.6
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server AUS 6.4
Redhat Enterprise Linux Server AUS 6.2
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.2
Redhat Enterprise Linux Server - Extended Update Suppor 7.3
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux Server 5
Redhat Enterprise Linux Long Life 5.9 server
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power little endian - Extended Update Suppo 7.3
Redhat Enterprise Linux for Power little endian - Extended Update Suppo 7.2
Redhat Enterprise Linux for Power big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power big endian - Extended Update Support 7.2
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.2
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 7.2
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux ComputeNode Optional EUS 7.3
Redhat Enterprise Linux ComputeNode Optional EUS 7.2
Redhat Enterprise Linux ComputeNode Optional 7
Redhat Enterprise Linux ComputeNode EUS 7.3
Redhat Enterprise Linux ComputeNode EUS 7.2
Redhat Enterprise Linux ComputeNode 7
Oracle Linux 7
Oracle Linux 6
openSUSE Leap 42.3
openSUSE Leap 42.2
Kubernetes Kubernetes 1.7.6
Kubernetes Kubernetes 1.7
Kubernetes Kubernetes 1.6.10
Kubernetes Kubernetes 1.6
Kubernetes Kubernetes 1.5.7
Kubernetes Kubernetes 1.5
Kubernetes Kubernetes 1.2
Google Android 7.1.1
Google Android 6.0.1
Google Android 5.1.1
Google Android 5.0.2
Google Android 4.4.4
Google Android 8.0
Google Android 7.1.2
Google Android 7.0
Google Android 6.0
Fedoraproject Fedora 27
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 ia-30
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 7
CentOS CentOS 6
Kubernetes Kubernetes 1.8
Kubernetes Kubernetes 1.7.7
Kubernetes Kubernetes 1.6.11
Kubernetes Kubernetes 1.5.8
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Dnsmasq Change Log (Dnsmasq)
- Dnsmasq Home Page (Dnsmasq)
- google/security-research-pocs CVE-2017-14491.py (Google)
- google/security-research-pocs CVE-2017-14492.py (Google)
- google/security-research-pocs CVE-2017-14493.py (Google)
- google/security-research-pocs CVE-2017-14494.py (Google)
- google/security-research-pocs CVE-2017-14495.py (Google)
- Kubernetes CHANGELOG (Kubernetes)
- [slackware-security] dnsmasq (SSA:2017-275-01) (Slackware)
- Android Security Bulletin—October 2017 (Google)
- Behind the Masq: Yet more DNS, and DHCP, vulnerabilities (Google)
- Bug 1495410 CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertiseme (Redhat)
- Bug 1495411 CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code (Redhat)
- Bug 1495412 CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code (Redhat)
- Bug 1495415 CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 (Redhat)
- Bug 1495416 CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-rea (Redhat)
- Bug 1495510 - (CVE-2017-13704) CVE-2017-13704 dnsmasq: Size parameter overflow v (Red Hat Bugzilla)
- CVE-2017-13704 (Red Hat)
- CVE-2017-14491 (Redhat)
- CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS r (Redhat)
- CVE-2017-14492 (Redhat)
- CVE-2017-14493 (Redhat)
- CVE-2017-14494 (Redhat)
- CVE-2017-14495 (Redhat)
- CVE-2017-14496 (Redhat)
- DSA-3989-1 dnsmasq -- security update (Debian)
- google/security-research-pocs CVE-2017-14496.py (Google)
- ICSA-17-332-01:Siemens SCALANCE W1750D, M800, and S615 (CERT)
- RHSA-2017:2836 - Security Advisory (Redhat)
- RHSA-2017:2837 - Security Advisory (Redhat)
- VU#973527 Dnsmasq contains multiple vulnerabilities (CERT)