CVE-2017-14491

Date: October 2, 2017

Overview

This is a heap-based buffer overflow vulnerability in dnsmasq that an attacker can use to cause a denial of service or remote code execution. Because dnsmasq is a lightweight software package, the attacker's targets are resource-constrained routers, firewalls and IoT devices.

Details

The heap is the pool of memory used for dynamic allocations at runtime. The most common way of allocating dynamic memory is via a routine such as malloc(). When a write runs past the end of a buffer allocated on the heap, it overwrites adjacent heap data; this is a heap-based buffer overflow. At the very least, this can cause a crash or denial of service. A heap-based buffer overflow can also be used to overwrite a pointer, which can then be made to point at malicious code injected by an attacker. In the case of dnsmasq versions prior to 2.78, an attacker sends crafted DNS packets to the device, causing the buffer to overflow. This results in a denial of service. Once the buffer has been overflowed, the attacker intercepts existing connections and runs arbitrary code. Not only does the attack allow malicious code execution, but it also exposes privileged data stored on the device.

Affected Environments

The following devices that use dnsmasq as a DHCP and DNS server:
- Embedded systems
- Small servers

Remediation

Update the device firmware to a release containing dnsmasq version 2.78 or later.
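
One way to check a device against the 2.78 threshold above, as an added example that is not part of the original advisory. It assumes the banner format printed on the first line of `dnsmasq --version`; the function name and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a dnsmasq version banner
# against the 2.78 fix named in the Remediation section.
# Assumed banner format (first line of `dnsmasq --version`):
#   "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"

# Prints "affected", "fixed" or "unknown" for one banner line.
classify_dnsmasq() {
    # The version token is the third field of the banner.
    ver=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "dnsmasq" && $2 == "version" { print $3; exit }')
    # Split MAJOR.MINOR[suffix]; all three stay empty if the token is malformed.
    re='^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(.*\)$'
    major=$(printf '%s\n' "$ver" | sed -n "s/$re/\1/p")
    minor=$(printf '%s\n' "$ver" | sed -n "s/$re/\2/p")
    suffix=$(printf '%s\n' "$ver" | sed -n "s/$re/\3/p")
    if [ -z "$major" ]; then
        echo unknown
    elif [ "$major" -lt 2 ]; then
        echo affected
    elif [ "$major" -gt 2 ]; then
        echo fixed
    elif [ "$minor" -lt 78 ]; then
        echo affected
    elif [ "$minor" -gt 78 ]; then
        echo fixed
    else
        # Assumption: pre-release builds of 2.78 (rc/test suffix) are treated
        # as affected, since they precede the 2.78 release.
        case $suffix in
            rc*|test*) echo affected ;;
            *) echo fixed ;;
        esac
    fi
}

# Constructed sample banners; on a device, pass the real one instead:
#   classify_dnsmasq "$(dnsmasq --version | head -n 1)"
for banner in \
    "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley" \
    "Dnsmasq version 2.78rc1  Copyright (c) 2000-2017 Simon Kelley" \
    "Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley" \
    "Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley" \
    "BusyBox v1.30.1 multi-call binary"
do
    printf '%s -> %s\n' "$banner" "$(classify_dnsmasq "$banner")"
done
```

The banner reflects only the upstream version number, so a vendor build that carries a backported fix under an older number will still be reported as affected; confirm against the vendor's firmware notes in that case.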

Prevention

- Run only trusted software on the connected network
- Use the latest OS on all the connected devices
- Secure the vulnerable device with a strong password

Language: C

Good to know:

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787
Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial