Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack

Summary

Multiple security vulenrability have been identified in dnsmasq that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-14495**
DESCRIPTION:** dnsmasq is vulnerable to a denial of service, caused by a memory leak when the --add-mac, --add-cpe-id or --add-subnet option is specified. By using vectors related to DNS response creation, a remote attacker could exploit this vulnerability to consume available memory.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132935 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-14494**
DESCRIPTION:** dnsmasq could allow a remote attacker to obtain sensitive information, caused by improper validation of requests. By sending specially-crafted DHCPv6 forwarded requests, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132934 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-14496**
DESCRIPTION:** dnsmasq is vulnerable to a denial of service, caused by an integer underflow in the add_pseudoheader function. By sending a specially-crafted DNS request, a remote attacker could exploit this vulnerability to cause the service to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132936 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-14493**
DESCRIPTION:** dnsmasq is vulnerable to a stack-based buffer overflow. By sending a specially-crafted DHCPv6 request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132933 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-14492**
DESCRIPTION:** dnsmasq is vulnerable to a heap-based buffer overflow. By sending a specially-crafted IPv6 router advertisement request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-14491**
DESCRIPTION:** dnsmasq is vulnerable to a heap-based buffer overflow. By sending a specially-crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-13704**
DESCRIPTION:** dnsmasq is vulnerable to a denial of service, caused by improper validation of DNS packet size parameter. By a specially-crafted DNS packet, a remote attacker could exploit this vulnerability to cause the service to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132930 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.8 Interim Fix 1

Remediation/Fixes

Product

| VRMF|Remediation/First Fix
—|—|—
IBM Cloud Manager with OpenStack| 4.3.0 through 4.3.0.8 Interim Fix 1| Upgrade to IBM Cloud Manager with OpenStack 4.3 fix pack 9 on Red Hat Enterprise Linux 7.4:_
__http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.9-IBM-CMWO-FP09&source=SAR_
Or update dnsmasq and dnsmasq-utils packages to version 2.76-2 on all controller and compute nodes.

Workarounds and Mitigations

None