Bug 1060361 - (CVE-2017-14494) VUL-0: CVE-2017-14494: dnsmasq: DHCP - info leak
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/192505/
CVSSv2:SUSE:CVE-2017-14494:3.3:(AV:A/...
Reported: 2017-09-26 06:46 UTC by Victor Pereira
Modified: 2017-12-04 14:10 UTC

Found By: Security Response Team


Description Victor Pereira 2017-09-26 06:46:01 UTC
CVE-2017-14494

Greetings,

CERT/CC has been notified by Google of a number of vulnerabilities affecting dnsmasq.
Please note that you may have already received a notification of these vulnerabilities from another source.
CERT/CC is tracking this report as VU#973527. Please retain VU#973527 in the subject line of any email sent to CERT/CC regarding this report.

Google has identified 6 vulnerabilities affecting the latest bits at Dnsmasq git server. They have a proposed release date of October 2nd 2017, 6 am PST. This information should be under embargo until public release at that time.
These vulnerabilities can be triggered remotely via DNS and DHCP protocols and it is believed some of them are highly exploitable. The following 6 CVEs have been assigned to these vulnerabilities.

* CVE-2017-14491: DNS - 2 byte heap based overflow
* CVE-2017-14492: DHCP - heap based overflow
* CVE-2017-14493: DHCP - stack based overflow
* CVE-2017-14494: DHCP - info leak
* CVE-2017-14495: DNS - OOM DoS
* CVE-2017-14496: DNS - DoS Integer underflow

We have attached a patch provided to CERT/CC by Google as an unofficial fix. You may want to wait for the official fix to be released.
We expect updated dnsmasq software to be released on October 2nd, 2017 when these vulnerabilities are made public.


Regards,

Vulnerability Analysis Team
======================================================================
CERT Coordination Center
www.cert.org / cert@cert.org
======================================================================

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
Comment 5 Swamp Workflow Management 2017-10-02 19:08:01 UTC
SUSE-SU-2017:2616-1: An update that solves 8 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1035227,1060354,1060355,1060360,1060361,1060362,1060364,902511,904537,908137,972164
CVE References: CVE-2015-3294,CVE-2015-8899,CVE-2017-14491,CVE-2017-14492,CVE-2017-14493,CVE-2017-14494,CVE-2017-14495,CVE-2017-14496
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    dnsmasq-2.78-6.6.1
Comment 6 Swamp Workflow Management 2017-10-02 19:09:52 UTC
SUSE-SU-2017:2617-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1060354,1060355,1060360,1060361,1060362,1060364
CVE References: CVE-2015-3294,CVE-2015-8899,CVE-2017-14491,CVE-2017-14492,CVE-2017-14493,CVE-2017-14494,CVE-2017-14495,CVE-2017-14496
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    dnsmasq-2.78-0.16.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    dnsmasq-2.78-0.16.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    dnsmasq-2.78-0.16.5.1
Comment 7 Swamp Workflow Management 2017-10-02 19:10:58 UTC
SUSE-SU-2017:2618-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1060354,1060355,1060360,1060361,1060362,1060364
CVE References: CVE-2017-14491,CVE-2017-14492,CVE-2017-14493,CVE-2017-14494,CVE-2017-14495,CVE-2017-14496
Sources used:
SUSE OpenStack Cloud 7 (src):    dnsmasq-2.78-18.3.1
SUSE OpenStack Cloud 6 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12-SP2 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    dnsmasq-2.78-18.3.1
Comment 8 Swamp Workflow Management 2017-10-02 19:12:03 UTC
SUSE-SU-2017:2619-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1060354,1060355,1060360,1060361,1060362,1060364
CVE References: CVE-2015-3294,CVE-2015-8899,CVE-2017-14491,CVE-2017-14492,CVE-2017-14493,CVE-2017-14494,CVE-2017-14495,CVE-2017-14496
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    dnsmasq-2.78-0.17.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    dnsmasq-2.78-0.17.5.1
Comment 10 Swamp Workflow Management 2017-10-03 01:07:48 UTC
openSUSE-SU-2017:2633-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1060354,1060355,1060360,1060361,1060362,1060364
CVE References: CVE-2017-14491,CVE-2017-14492,CVE-2017-14493,CVE-2017-14494,CVE-2017-14495,CVE-2017-14496
Sources used:
openSUSE Leap 42.3 (src):    dnsmasq-2.78-13.1
openSUSE Leap 42.2 (src):    dnsmasq-2.78-10.6.1
Comment 11 Bernhard Wiedemann 2017-12-04 14:10:16 UTC
This is an autogenerated message for OBS integration:
This bug (1060361) was mentioned in
https://build.opensuse.org/request/show/548087 Factory / dnsmasq