39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
Heap and Stack based buffer overflows in dnsmasq prior to version 2.78
|
|
----------------------------------------------------------------------
|
|
|
|
### Summary ###
|
|
A series of heap and stack based buffer overflows have been discovered in
|
|
versions of dnsmasq prior to release 2.78.
|
|
|
|
### Affected Services / Software ###
|
|
Any neutron based OpenStack deployment on a version of dnsmasq prior to
|
|
2.78.
|
|
|
|
### Discussion ###
|
|
The following attack vectors have been assigned the following CVE numbers.
|
|
|
|
* CVE-2017-14491
|
|
* CVE-2017-14492
|
|
* CVE-2017-14493
|
|
* CVE-2017-14494
|
|
* CVE-2017-14495
|
|
* CVE-2017-14496
|
|
* CVE-2017-13704
|
|
|
|
Each of these CVE's exposes a neutron based OpenStack deployment to various
|
|
attacks such as leakage of sensitive memory information or causing a denial of
|
|
service. Nodes are exposed to this risk by the crafting of various nefarious
|
|
DNS or DHCP requests.
|
|
|
|
### Recommended Actions ###
|
|
Operators should update the dnsmasq service using the affected nodes operating
|
|
systems packaging tools to version 2.78 and later, or a distribution packaged
|
|
version that contains relevant backports for these vulnerabilities.
|
|
|
|
### Contacts / References ###
|
|
Author: Luke Hinds <lhinds@redhat.com>
|
|
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0082
|
|
Mailing List : [Security] tag on openstack-dev@lists.openstack.org
|
|
OpenStack Security Project : https://launchpad.net/~openstack-ossg
|
|
CVE: CVE-2017-14491
|