Bugzilla – Bug 1188881
VUL-0: CVE-2021-3672: c-ares,libcares2: Missing input validation on hostnames
Last modified: 2022-01-19 14:17:00 UTC
oss-security: Missing input validation on hostnames returned by DNS servers ============================================================= Project c-ares Security Advisory, August 10, 2021 - [Permalink](https://c-ares.haxx.se/adv_20210810.html) VULNERABILITY ------------- Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking). The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-3672 to this issue. STEPS TO REPRODUCE ------------------ An example domain which has a cname including a zero byte: ``` $ adig cnamezero.test2.xdi-attack.net Answers: cnamezero.test2.xdi-attack.net. 0 CNAME victim.test2.xdi-attack.net\000.test2.xdi-attack.net. victim.test2.xdi-attack.net\000.test2.xdi-attack.net. 0 A 141.12.174.88 ``` When resolved via a vulnerable implementation, the CNAME alias and name of the A record will seem to be `victim.test2.xdi-attack.net` instead of `victim.test2.xdi-attack.net\000.test2.xdi-attack.net`, a totally different domain. This is a clear error in zero-byte handling and can potentially lead to DNS-cache injections in case an application implements a cache based on the library. AFFECTED VERSIONS ----------------- This flaw exists in the following c-ares versions. - Affected versions: c-ares 1.0.0 to and including 1.17.1 - Not affected versions: c-ares >= 1.17.2 THE SOLUTION ------------ In version 1.17.2, the function has been corrected and a test case have been added to verify. A [patch for CVE-2021-3672](https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch) is available. RECOMMENDATIONS --------------- We suggest you take one of the following actions immediately, in order of preference: A - Upgrade c-ares to version 1.17.2 B - Apply the patch to your version and rebuild TIME LINE --------- It was reported to the c-ares project on June 11, 2021 by Philipp Jeitner and Haya Shulman, Fraunhofer SIT. c-ares 1.17.2 was released on August 10 2021, coordinated with the publication of this advisory. CREDITS ------- Thanks to Philipp Jeitner and Haya Shulman, Fraunhofer SIT for the report.
SUSE-SU-2021:14776-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188881 CVE References: CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): libcares2-1.7.4-7.10.3.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): libcares2-1.7.4-7.10.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libcares2-1.7.4-7.10.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1188881) was mentioned in https://build.opensuse.org/request/show/911845 Factory / c-ares
This is an autogenerated message for OBS integration: This bug (1188881) was mentioned in https://build.opensuse.org/request/show/911861 Factory / nodejs16 https://build.opensuse.org/request/show/911862 Factory / nodejs14
SUSE-SU-2021:2690-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188881 CVE References: CVE-2021-3672 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): libcares2-1.9.1-9.7.1 SUSE OpenStack Cloud Crowbar 8 (src): libcares2-1.9.1-9.7.1 SUSE OpenStack Cloud 9 (src): libcares2-1.9.1-9.7.1 SUSE OpenStack Cloud 8 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Workstation Extension 12-SP5 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server 12-SP5 (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): libcares2-1.9.1-9.7.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): libcares2-1.9.1-9.7.1 HPE Helion Openstack 8 (src): libcares2-1.9.1-9.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2760-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188881 CVE References: CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.3 (src): c-ares-1.17.1+20200724-3.14.1
SUSE-SU-2021:2760-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188881 CVE References: CVE-2021-3672 JIRA References: Sources used: SUSE Manager Server 4.0 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Manager Retail Branch Server 4.0 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Manager Proxy 4.0 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Server for SAP 15 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Server 15-LTSS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): c-ares-1.17.1+20200724-3.14.1 SUSE Enterprise Storage 6 (src): c-ares-1.17.1+20200724-3.14.1 SUSE CaaS Platform 4.0 (src): c-ares-1.17.1+20200724-3.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1188881) was mentioned in https://build.opensuse.org/request/show/913180 Factory / nodejs16
openSUSE-SU-2021:1168-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188881 CVE References: CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.2 (src): c-ares-1.17.1+20200724-lp152.2.9.1, c-ares-tests-1.17.1+20200724-lp152.2.9.1
# maintenance_jira_update_notice SUSE-SU-2021:2823-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1188881,1188917,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs10-10.24.1-1.42.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice SUSE-SU-2021:2824-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs12-12.22.5-1.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice SUSE-SU-2021:2875-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs12-12.22.5-4.19.1 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs12-12.22.5-4.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice openSUSE-SU-2021:2875-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs12-12.22.5-4.19.1
# maintenance_jira_update_notice openSUSE-SU-2021:1214-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs12-12.22.5-lp152.3.18.1
# maintenance_jira_update_notice SUSE-SU-2021:2953-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1188881,1188917,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs10-10.24.1-1.39.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice openSUSE-SU-2021:2953-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1188881,1188917,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs10-10.24.1-1.39.2
# maintenance_jira_update_notice openSUSE-SU-2021:1239-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1188881,1188917,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs10-10.24.1-lp152.2.18.1
SUSE-SU-2021:3184-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs14-14.17.5-6.15.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3211-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs14-14.17.5-5.15.5 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs14-14.17.5-5.15.5 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3211-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs14-14.17.5-5.15.5
openSUSE-SU-2021:1313-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1188881,1188917,1189368,1189369,1189370 CVE References: CVE-2021-22930,CVE-2021-22931,CVE-2021-22939,CVE-2021-22940,CVE-2021-3672 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs14-14.17.5-lp152.14.1