Security Advisory - Seven vulnerabilities in Google Dnsmasq
- SA No:huawei-sa-20171103-01-dnsmasq
- Initial Release Date: 2017-11-03
- Last Release Date: 2017-11-03
Dnsmasq is a widely used piece of open-source softwarea designed to provide DNS, DHCP, Dnsmasq 2.77 and before version contains 7 security vulnerabilities.
There is a heap buffer overflow vulnerability in dnsmasq in the code responsible when building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10139)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14491.
There is a heap buffer overflow vulnerability in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (Vulnerability ID: HWPSIRT-2017-10140)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14492.
There is a stack buffer overflow vulnerability in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10141)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14493.
There is an information leak vulnerability in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (Vulnerability ID: HWPSIRT-2017-10142)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14494.
There is a memory exhaustion vulnerability in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10143)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14495.
There is an integer underflow vulnerability in the EDNS0 code leading to a buffer over-read. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10144)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14496.
There is an integer overflow vulnerability in dnsmasq. An attacker could send crafted DNS packet size does not match the expected size, leading to dnsmasq crash. (Vulnerability ID: HWPSIRT-2017-10145)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-13704.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en|
Product Name |
Affected Version |
Resolved Product and Version |
|
Honor V9 play |
Versions earlier than Jimmy-AL00AC00B135 |
Jimmy-AL00 AC00B135 |
HWPSIRT-2017-10139,HWPSIRT-2017-10140 and HWPSIRT-2017-10141:
These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution.
HWPSIRT-2017-10142:
This vulnerability can be triggered remotely via DNS and DHCP protocols and can lead to information exposure.
HWPSIRT-2017-10143,HWPSIRT-2017-10144 and HWPSIRT-2017-10145:
These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to denial of service.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
HWPSIRT-2017-10139,HWPSIRT-2017-10140 and HWPSIRT-2017-10141:
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
HWPSIRT-2017-10142:
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 5.5 (E:F/RL:O/RC:C)
HWPSIRT-2017-10143,HWPSIRT-2017-10144 and HWPSIRT-2017-10145:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
These vulnerabilities were disclosed by Google.
2017-11-03 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.