Vulnerability Name: CVE-2017-14496

Assigned:2017-09-15
Published:2017-10-02
Updated:2017-10-18
Summary:Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVSS v3 Severity:7.5 High (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-191
CWE-190
CWE-125
References:Source: SUSE
Type: VENDOR_ADVISORY
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

Source: CONFIRM
Type: UNKNOWN
http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Source: CONFIRM
Type: VENDOR_ADVISORY
http://thekelleys.org.uk/dnsmasq/CHANGELOG

Source: CONFIRM
Type: VENDOR_ADVISORY
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7

Source: DEBIAN
Type: VENDOR_ADVISORY
http://www.debian.org/security/2017/dsa-3989

Source: BID
Type: VENDOR_ADVISORY
101085

Source: SECTRACK
Type: VENDOR_ADVISORY
1039474

Source: UBUNTU
Type: VENDOR_ADVISORY
http://www.ubuntu.com/usn/USN-3430-1

Source: UBUNTU
Type: VENDOR_ADVISORY
http://www.ubuntu.com/usn/USN-3430-2

Source: REDHAT
Type: VENDOR_ADVISORY
https://access.redhat.com/errata/RHSA-2017:2836

Source: CONFIRM
Type: VENDOR_ADVISORY
https://access.redhat.com/security/vulnerabilities/3199382

Source: MISC
Type: VENDOR_ADVISORY
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Source: CONFIRM
Type: VENDOR_ADVISORY
https://source.android.com/security/bulletin/2017-10-01

Source: EXPLOIT-DB
Type: VENDOR_ADVISORY
42946

Source: CERT-VN
Type: VENDOR_ADVISORY
https://www.kb.cert.org/vuls/id/973527

Source: MLIST
Type: VENDOR_ADVISORY
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html

Source: MLIST
Type: VENDOR_ADVISORY
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:leap:42.2:*:*:*:*:*:*:*
  • OR cpe:/o:novell:leap:42.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:thekelleys:dnsmasq:2.77:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201714496 | V | CVE-2017-14496 | 2017-10-22
oval:com.ubuntu.xenial:def:201714496000 | V | CVE-2017-14496 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-10-02
oval:com.ubuntu.trusty:def:201714496000 | V | CVE-2017-14496 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-10-02
oval:com.redhat.rhsa:def:20172836 | P | RHSA-2017:2836: dnsmasq security update (Critical) | 2017-10-02
    canonical ubuntu_linux 14.04
    canonical ubuntu_linux 16.04
    canonical ubuntu_linux 17.04
    debian debian_linux 7.0
    debian debian_linux 7.1
    debian debian_linux 9.0
    google android 4.4.4
    google android 5.0.2
    google android 5.1.1
    google android 6.0
    google android 6.0.1
    google android 7.0
    google android 7.1.1
    google android 7.1.2
    google android 8.0
    novell leap 42.2
    novell leap 42.3
    redhat enterprise_linux_desktop 7.0
    redhat enterprise_linux_server 7.0
    redhat enterprise_linux_workstation 7.0
    thekelleys dnsmasq 2.77
    redhat enterprise_linux 7