
Security Advisory - Seven vulnerabilities in Google Dnsmasq

  • SA No: huawei-sa-20171103-01-dnsmasq
  • Initial Release Date: 2017-11-03
  • Last Release Date: 2017-11-03

Dnsmasq is a widely used piece of open-source software designed to provide DNS, DHCP, Dnsmasq 2.77 and earlier versions contain 7 security vulnerabilities.

There is a heap buffer overflow vulnerability in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10139)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14491. 

There is a heap buffer overflow vulnerability in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (Vulnerability ID: HWPSIRT-2017-10140) 

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14492. 

There is a stack buffer overflow vulnerability in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10141)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14493. 

There is an information leak vulnerability in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (Vulnerability ID: HWPSIRT-2017-10142)  

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14494. 

There is a memory exhaustion vulnerability in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10143) 

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14495. 

There is an integer underflow vulnerability in the EDNS0 code leading to a buffer over-read. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10144) 

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14496. 

There is an integer overflow vulnerability in dnsmasq. An attacker could send a crafted DNS packet whose size does not match the expected size, causing dnsmasq to crash. (Vulnerability ID: HWPSIRT-2017-10145)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-13704.
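Three of the seven issues above apply only when specific options are configured. The following added example (not part of the Huawei advisory or of dnsmasq) audits a dnsmasq configuration against the version range and option names listed above; the function names and the sample configuration are constructed for illustration, and it assumes every `#` starts a comment.

```python
import re

# Options the advisory names as preconditions, mapped to the CVEs they gate.
RA_OPTS = {"enable-ra", "ra-only", "slaac", "ra-names", "ra-advrouter", "ra-stateless"}
EDNS_OPTS = {"add-mac", "add-cpe-id", "add-subnet"}
GATED = {"CVE-2017-14492": RA_OPTS, "CVE-2017-14495": EDNS_OPTS,
         "CVE-2017-14496": EDNS_OPTS}
# The advisory names no configuration option for these four.
NO_OPTION_NAMED = ["CVE-2017-14491", "CVE-2017-14493", "CVE-2017-14494",
                   "CVE-2017-13704"]

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
interface=eth0
dhcp-range=::,constructor:eth0,ra-names,slaac,12h
#add-subnet=24
add-mac
"""

def active_options(conf_text):
    """Return the option keywords in effect, skipping comments and blanks."""
    found = set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        found.add(key)
        if key == "dhcp-range":  # RA modes are given as fields of dhcp-range
            found.update(field.strip() for field in value.split(","))
    return found

def version_affected(version):
    """True for dnsmasq 2.77 and earlier, the range the advisory gives."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m.group(1)), int(m.group(2))) <= (2, 77)

def exposure(version, conf_text):
    """Map each applicable CVE to the configured options that expose it."""
    if not version_affected(version):
        return {}
    opts = active_options(conf_text)
    report = {cve: [] for cve in NO_OPTION_NAMED}
    for cve, gate in GATED.items():
        hits = sorted(gate & opts)
        if hits:
            report[cve] = hits
    return report
```

An empty list in the report means the advisory lists no gating option for that CVE. Vendors may backport fixes without changing the upstream version number, so treat the version comparison as a first pass.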

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en

| Product Name | Affected Version | Resolved Product and Version |
|---|---|---|
| Honor V9 play | Versions earlier than Jimmy-AL00AC00B135 | Jimmy-AL00 AC00B135 |

HWPSIRT-2017-10139, HWPSIRT-2017-10140 and HWPSIRT-2017-10141:

These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution.

HWPSIRT-2017-10142:

This vulnerability can be triggered remotely via DNS and DHCP protocols and can lead to information exposure.

HWPSIRT-2017-10143, HWPSIRT-2017-10144 and HWPSIRT-2017-10145:

These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to denial of service.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

HWPSIRT-2017-10139, HWPSIRT-2017-10140 and HWPSIRT-2017-10141:

Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Temporal Score: 9.1 (E:F/RL:O/RC:C)

HWPSIRT-2017-10142:

Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 5.5 (E:F/RL:O/RC:C)

HWPSIRT-2017-10143, HWPSIRT-2017-10144 and HWPSIRT-2017-10145:

Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Temporal Score: 7.0 (E:F/RL:O/RC:C)

For technical details, customers are advised to reference the website: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

These vulnerabilities were disclosed by Google.

2017-11-03 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure, and deals with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.