7 Dnsmasq Security Flaws Discovered

Forkish · October 3, 2017

Found these on Thehackernews.com which links to the Google Blog describing these vulnerabilities:

CVE-2017-14491—A DNS-based remote code execution vulnerability in Dnsmasq versions before 2.76 is marked as the most severe that allows for unrestricted heap overflows, affecting both directly exposed and internal network setups.
CVE-2017-14492—Another remote code execution vulnerability due to a DHCP-based heap overflow issue.
CVE-2017-14493—Another noteworthy DHCP-based remote code execution bug caused by a stack buffer overflow. According to Google, this flaw is trivial to exploit if it's used in conjunction with the flaw (CVE-2017-14494) mentioned below.
CVE-2017-14494—An information leak in DHCP which can be combined with CVE-2017-14493 to allow attackers bypass ASLR security mechanism and execute arbitrary code on a target system.
CVE-2017-14495—A flaw in Dnsmasq which can be exploited to launch a denial of service (DoS) attack by exhausting memory via DNS. The flaw impacts dnsmasq only if one of these options is used: --add-mac, --add-cpe-id or --add-subnet.
CVE-2017-14496—Google's Android operating system is specifically affected by this DoS issue which can be exploited by a local hacker or one who is tethered directly to the device. However, Google pointed out the service itself is sandboxed, so the risk to Android users is reduced.
CVE-2017-14497—Another DoS issue wherein a large DNS query can crash the software.

i8igmac · October 4, 2017

has any one tested this... this seems huge.

Pineapple effected. Openwrt/ddwrt effected.

Dave-ee Jones · October 4, 2017

Mmm, I would hope they jump onto this quick smart. Anything using dnsmasq is vulnerable to a fairly wide range of attacks..

Just_a_User · October 4, 2017

The last CVE needs a kernel bump to 4.23+

Edited October 4, 2017 by Just_a_User

Recommended Posts