SB2017100231 - SUSE Linux update for dnsmasq
Published: October 2, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Data Handling (CVE-ID: CVE-2015-3294)
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
2) Input validation error (CVE-ID: CVE-2015-8899)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
3) Heap-based buffer overflow (CVE-ID: CVE-2017-14491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in dnsmasq.c file when processing DNS replies. A remote unauthenticated attacker can send specially crafted DNS packets to the affected service, trigger heap-based buffer overflow by 2 bytes and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2017-14492)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing IPv6 router advertisements. A remote unauthenticated attacker on local network can send specially crafted IPv6 router advertisement to the affected service, trigger heap-based buffer overflow and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2017-14493)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service, trigger heap-based buffer overflow and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Memory leak (CVE-ID: CVE-2017-14494)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to memory leak when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service and cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay.
Successful exploitation of this vulnerability may allow an attacker to read parts of memory from the affected system and bypass ASLR.
7) Memory exhaustion (CVE-ID: CVE-2017-14495)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect memory allocation (memory is never freed) in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service and cause dnsmasq to consume all available memory.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.
8) Memory corruption (CVE-ID: CVE-2017-14496)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service, cause dnsmasq to call memcpy with negative size and crash.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.
Remediation
Install update from vendor's website.