Dnsmasq VU#973527 Multiple Security Vulnerabilities



Dnsmasq is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass the ASLR, gain sensitive information, or cause a denial-of-service condition.

Versions prior to Dnsmasq 2.78 are vulnerable.

Information

Bugtraq ID: 101085
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-13704

Remote: Yes
Local: Yes
Published: Oct 02 2017 12:00AM
Updated: Oct 02 2017 12:00AM
Credit: Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team
Vulnerable: Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Thekelleys Dnsmasq 1.2.2
Thekelleys Dnsmasq 2.77
Thekelleys Dnsmasq 2.75
Thekelleys Dnsmasq 2.72
Thekelleys Dnsmasq 2.71
Thekelleys Dnsmasq 2.70
Thekelleys Dnsmasq 2.7
Thekelleys Dnsmasq 2.65
Thekelleys Dnsmasq 2.64
Thekelleys Dnsmasq 2.63
Thekelleys Dnsmasq 2.62
Thekelleys Dnsmasq 2.61
Thekelleys Dnsmasq 2.60
Thekelleys Dnsmasq 2.6
Thekelleys Dnsmasq 2.59
Thekelleys Dnsmasq 2.58
Thekelleys Dnsmasq 2.57
Thekelleys Dnsmasq 2.56
Thekelleys Dnsmasq 2.55
Thekelleys Dnsmasq 2.54
Thekelleys Dnsmasq 2.53
Thekelleys Dnsmasq 2.52
Thekelleys Dnsmasq 2.51
Thekelleys Dnsmasq 2.50
Thekelleys Dnsmasq 2.49
Thekelleys Dnsmasq 2.48
Thekelleys Dnsmasq 2.47
Thekelleys Dnsmasq 2.46
Thekelleys Dnsmasq 2.45
Thekelleys Dnsmasq 2.44
Thekelleys Dnsmasq 2.43
Thekelleys Dnsmasq 2.42
Thekelleys Dnsmasq 2.41
Thekelleys Dnsmasq 2.40
Thekelleys Dnsmasq 2.4
Thekelleys Dnsmasq 2.38
Thekelleys Dnsmasq 2.37
Thekelleys Dnsmasq 2.36
Thekelleys Dnsmasq 2.35
Thekelleys Dnsmasq 2.34
Thekelleys Dnsmasq 2.33
Thekelleys Dnsmasq 2.30
Thekelleys Dnsmasq 2.29
Thekelleys Dnsmasq 2.28
Thekelleys Dnsmasq 2.27
Thekelleys Dnsmasq 2.26
Thekelleys Dnsmasq 2.25
Thekelleys Dnsmasq 2.24
Thekelleys Dnsmasq 2.23
Thekelleys Dnsmasq 2.22
Thekelleys Dnsmasq 2.21
Thekelleys Dnsmasq 2.20
Thekelleys Dnsmasq 2.2
Thekelleys Dnsmasq 2.19
Thekelleys Dnsmasq 2.18
Thekelleys Dnsmasq 2.17
Thekelleys Dnsmasq 2.16
Thekelleys Dnsmasq 2.15
Thekelleys Dnsmasq 2.14
Thekelleys Dnsmasq 2.13
Thekelleys Dnsmasq 2.12
Thekelleys Dnsmasq 2.11
Thekelleys Dnsmasq 2.10
Thekelleys Dnsmasq 1.9
Thekelleys Dnsmasq 1.8
Thekelleys Dnsmasq 1.6
Thekelleys Dnsmasq 1.5
Thekelleys Dnsmasq 1.4
Thekelleys Dnsmasq 1.3
Thekelleys Dnsmasq 1.18
Thekelleys Dnsmasq 1.17
Thekelleys Dnsmasq 1.16
Thekelleys Dnsmasq 1.15
Thekelleys Dnsmasq 1.14
Thekelleys Dnsmasq 1.13
Thekelleys Dnsmasq 1.12
Thekelleys Dnsmasq 1.11
Thekelleys Dnsmasq 1.10
Thekelleys Dnsmasq 1.0
Thekelleys Dnsmasq 0.996
Thekelleys Dnsmasq 0.992
Thekelleys Dnsmasq 0.98
Thekelleys Dnsmasq 0.96
Thekelleys Dnsmasq 0.95
Thekelleys Dnsmasq 0.7
Thekelleys Dnsmasq 0.6
Thekelleys Dnsmasq 0.5
Thekelleys Dnsmasq 0.4
Slackware Slackware Linux 14.2
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.1
Slackware Slackware Linux 13.0
Redhat Enterprise Linux Workstation Optional 7
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server TUS 6.6
Redhat Enterprise Linux Server TUS 6.5
Redhat Enterprise Linux Server Optional EUS 7.3
Redhat Enterprise Linux Server Optional EUS 7.2
Redhat Enterprise Linux Server Optional EUS 6.5
Redhat Enterprise Linux Server Optional AUS 6.6
Redhat Enterprise Linux Server Optional AUS 6.5
Redhat Enterprise Linux Server Optional AUS 6.4
Redhat Enterprise Linux Server Optional 7
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server for ARM 7
Redhat Enterprise Linux Server EUS 7.3
Redhat Enterprise Linux Server EUS 7.2
Redhat Enterprise Linux Server AUS 6.6
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server AUS 6.4
Redhat Enterprise Linux Server AUS 6.2
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.2
Redhat Enterprise Linux Server - Extended Update Suppor 7.3
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3
Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux Server 5
Redhat Enterprise Linux Long Life 5.9 server
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power little endian - Extended Update Suppo 7.3
Redhat Enterprise Linux for Power little endian - Extended Update Suppo 7.2
Redhat Enterprise Linux for Power big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power big endian - Extended Update Support 7.2
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.2
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 7.2
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux ComputeNode Optional EUS 7.3
Redhat Enterprise Linux ComputeNode Optional EUS 7.2
Redhat Enterprise Linux ComputeNode Optional 7
Redhat Enterprise Linux ComputeNode EUS 7.3
Redhat Enterprise Linux ComputeNode EUS 7.2
Redhat Enterprise Linux ComputeNode 7
Oracle Linux 7
Oracle Linux 6
openSUSE Leap 42.3
openSUSE Leap 42.2
Kubernetes Kubernetes 1.7.6
Kubernetes Kubernetes 1.7
Kubernetes Kubernetes 1.6.10
Kubernetes Kubernetes 1.6
Kubernetes Kubernetes 1.5.7
Kubernetes Kubernetes 1.5
Kubernetes Kubernetes 1.2
Google Android 7.1.1
Google Android 6.0.1
Google Android 5.1.1
Google Android 5.0.2
Google Android 4.4.4
Google Android 8.0
Google Android 7.1.2
Google Android 7.0
Google Android 6.0
Fedoraproject Fedora 27
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 ia-30
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 7
CentOS CentOS 6


Not Vulnerable: Thekelleys Dnsmasq 2.78
Kubernetes Kubernetes 1.8
Kubernetes Kubernetes 1.7.7
Kubernetes Kubernetes 1.6.11
Kubernetes Kubernetes 1.5.8


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


References:

Related Posts