#VU8663 Memory leak in Dnsmasq - CVE-2017-14494


Vulnerability identifier: #VU8663

Vulnerability risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-14494

CWE-ID: CWE-401

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
Dnsmasq
Server applications / DNS servers

Vendor: GNU

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to memory leak when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service and cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay.

Successful exploitation of this vulnerability may allow an attacker to read parts of memory from the affected system and bypass ASLR.

Mitigation
Update to version 2.78.

Vulnerable software versions

Dnsmasq: 0.4 - 2.77

External links
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q4/011771.html
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE Edgeline EL300 Converged Edge System
Ubuntu update for Dnsmasq
Gentoo update for Dnsmasq
Slackware Linux update for dnsmasq
Arch Linux update for dnsmasq
Ubuntu update for Dnsmasq
Ubuntu update for Dnsmasq
Debian update for dnsmasq
Multiple vulnerabilities in GNU Dnsmasq
OpenSUSE Linux update for dnsmasq