Huawei Technologies, HUAWEI-SA-20171103-01-DNSMASQ
Nov 03, 2017 - 12:00 a.m.

Security Advisory - Seven vulnerabilities in Google Dnsmasq

2017-11-03 00:00:00
Huawei Technologies
www.huawei.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.923 High
Percentile: 98.9%

Dnsmasq is a widely used piece of open-source software designed to provide DNS, DHCP, ... Dnsmasq versions 2.77 and earlier contain 7 security vulnerabilities.

There is a heap buffer overflow vulnerability in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10139)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14491.

There is a heap buffer overflow vulnerability in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (Vulnerability ID: HWPSIRT-2017-10140)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14492.

There is a stack buffer overflow vulnerability in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10141)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14493.

There is an information leak vulnerability in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (Vulnerability ID: HWPSIRT-2017-10142)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14494.

There is a memory exhaustion vulnerability in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10143)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14495.

There is an integer underflow vulnerability in the EDNS0 code leading to a buffer over-read. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10144)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14496.

There is an integer overflow vulnerability in dnsmasq. An attacker could send a crafted DNS packet whose size does not match the expected size, causing dnsmasq to crash. (Vulnerability ID: HWPSIRT-2017-10145)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-13704.
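
The advisory ties CVE-2017-14492, CVE-2017-14495 and CVE-2017-14496 to specific dnsmasq options; it names no gating option for the other four. The following Python audit is an added example, not code from Huawei or the dnsmasq project: it flags those options in a configuration and checks a version string against the "2.77 and earlier" range. The function names and the sample configuration are constructed for illustration, comment handling is simplified, and files pulled in through include directives are not followed.

```python
import re

# Option names and CVE ids below are copied from the advisory text.
RA_MODES = {"ra-only", "slaac", "ra-names", "ra-advrouter", "ra-stateless"}
EDNS0_OPTS = {"add-mac", "add-cpe-id", "add-subnet"}
RA_CVES = ["CVE-2017-14492"]
EDNS0_CVES = ["CVE-2017-14495", "CVE-2017-14496"]


def version_affected(version):
    """True for dnsmasq 2.77 and earlier (the range the advisory names)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m.group(1)), int(m.group(2))) <= (2, 77)


def audit_conf(text):
    """Return (line_no, option, cves) for every option-gated exposure."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: '#' at line start or after whitespace begins a comment.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lstrip("-")  # accept "--opt" command-line spelling too
        if key == "enable-ra":
            findings.append((no, key, RA_CVES))
        elif key == "dhcp-range":
            # RA modes are comma-separated keywords inside dhcp-range.
            for tok in (t.strip() for t in value.split(",")):
                if tok in RA_MODES:
                    findings.append((no, tok, RA_CVES))
        elif key in EDNS0_OPTS:
            findings.append((no, key, EDNS0_CVES))
    return findings


# Constructed sample configuration, not taken from any real device.
SAMPLE_CONF = """\
# enable-ra
interface=br-lan
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=::,constructor:br-lan,ra-stateless,ra-names,12h
add-subnet=24,96
#add-mac
server=192.0.2.53  # upstream resolver
"""

if __name__ == "__main__":
    for no, opt, cves in audit_conf(SAMPLE_CONF):
        print(f"line {no}: {opt} -> {', '.join(cves)}")
```

A clean result only rules out the three option-gated issues; on an affected version the remaining CVEs still call for the vendor update.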

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en>

CPE Name | Operator | Version
honor v9 play | lt | Jimmy-AL00AC00B135
