[SingCERT] Alert on Multiple Dnsmasq Vulnerabilities (CVE-2017-14491 to CVE-2017-14496)

Published on Wednesday, 04 October 2017 21:27

Background

Dnsmasq is software that provides a Domain Name System (DNS) forwarder, a Dynamic Host Configuration Protocol (DHCP) server, router advertisements, and network booting for computer networks. It is included in most Linux distributions and in the ports systems of Berkeley Software Distribution (BSD) Unix, and is widely used on the Internet and in private networks.

On 2nd October 2017, researchers at Google reported multiple security vulnerabilities found in Dnsmasq. The software developer of Dnsmasq worked with Google to release patches that address these vulnerabilities.

Affected Systems

Dnsmasq versions 2.77 and earlier are vulnerable.

Impact

These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service.

  • CVE-2017-14491 Heap-based Buffer Overflow
  • CVE-2017-14492 Heap-based Buffer Overflow
  • CVE-2017-14493 Stack-based Buffer Overflow
  • CVE-2017-14494 Information Exposure
  • CVE-2017-14495 Uncontrolled Resource Consumption ('Resource Exhaustion')
  • CVE-2017-14496 Integer Underflow

Please refer to the Google Blog post for additional information.

Recommendations

System administrators and users are advised to update affected systems to Dnsmasq version 2.78 (or higher) with the following commands:

Debian Linux distribution
$ sudo apt-get update
$ sudo apt-get install --only-upgrade dnsmasq

Fedora-based distribution
$ sudo yum update dnsmasq

BSD Unix
$ su
# pkg upgrade dnsmasq
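
To confirm the result after updating, the following added example (not part of the original SingCERT alert) classifies the first line of `dnsmasq --version` against the 2.78 level named above. The function name and output labels are assumptions of this example, and the sample banners in the comments are constructed. A banner below 2.78 is reported as "check-vendor-advisory" rather than "vulnerable" because distributions may backport the fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example: classify a dnsmasq version banner against the 2.78 fix level.
# Sample banners (constructed):
#   "Dnsmasq version 2.77  Copyright (c) 2000-2016 Simon Kelley"
#   "Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley"

# dnsmasq_classify BANNER  (hypothetical helper name)
# Prints one of:
#   fixed-upstream         upstream release 2.78 or later
#   check-vendor-advisory  older or pre-release version string; confirm the
#                          CVE-2017-14491..14496 fixes with the package vendor
#   unknown                banner not recognised
dnsmasq_classify() {
    # Split the first line into "MAJOR MINOR SUFFIX"; SUFFIX holds anything
    # glued to the number (assumed form of pre-release builds, e.g. "rc1").
    parsed=$(printf '%s\n' "$1" | sed -n \
        '1s/^Dnsmasq version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\([^ ]*\).*/\1 \2 \3/p')
    if [ -z "$parsed" ]; then
        echo unknown
        return 0
    fi
    read -r major minor suffix <<EOF
$parsed
EOF
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -gt 78 ]; }; then
        echo fixed-upstream
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 78 ] && [ -z "$suffix" ]; then
        echo fixed-upstream
    else
        # Below 2.78, or a 2.78 pre-release: not confirmed by version alone.
        echo check-vendor-advisory
    fi
}

# Classify the locally installed binary, if there is one.
if command -v dnsmasq >/dev/null 2>&1; then
    dnsmasq_classify "$(dnsmasq --version)"
fi
```
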

References

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git
http://www.kb.cert.org/vuls/id/973527