Veracode Vulnerability DatabaseVERACODE:12581Remote Code Execution (RCE)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
github.com/kubernetes/dns leverages the dnsmasq library which is vulnerable to a heap-based buffer overflow. An attacker could cause a denial of service or execute arbitrary code via crafted DNS response. This issue in dnsmasq has been assigned CVE-2017-14491.
References
lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
nvidia.custhelp.com/app/answers/detail/a_id/4560
nvidia.custhelp.com/app/answers/detail/a_id/4561
packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
thekelleys.org.uk/dnsmasq/CHANGELOG
thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
www.debian.org/security/2017/dsa-3989
www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
www.securityfocus.com/bid/101085
www.securityfocus.com/bid/101977
www.securitytracker.com/id/1039474
www.ubuntu.com/usn/USN-3430-1
www.ubuntu.com/usn/USN-3430-2
www.ubuntu.com/usn/USN-3430-3
access.redhat.com/errata/RHSA-2017:2836
access.redhat.com/errata/RHSA-2017:2837
access.redhat.com/errata/RHSA-2017:2838
access.redhat.com/errata/RHSA-2017:2839
access.redhat.com/errata/RHSA-2017:2840
access.redhat.com/errata/RHSA-2017:2841
access.redhat.com/security/updates/classification/#critical
access.redhat.com/security/vulnerabilities/3199382
cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
lists.fedoraproject.org/archives/list/[email protected]/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
lists.fedoraproject.org/archives/list/[email protected]/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
lists.fedoraproject.org/archives/list/[email protected]/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
security.gentoo.org/glsa/201710-27
security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
www.debian.org/security/2017/dsa-3989
www.exploit-db.com/exploits/42941/
www.kb.cert.org/vuls/id/973527
www.mail-archive.com/[email protected]/msg11664.html
www.mail-archive.com/[email protected]/msg11665.html
www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P