http://thekelleys.org.uk/dnsmasq/CHANGELOG

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928

101085

101977

1039474

https://access.redhat.com/security/vulnerabilities/3199382

https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

FEDORA-2017-274d763ed8

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.

[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.

https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

According to the versions of the dnsmasq packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An integer underflow flaw leading to a buffer over-read     was found in dnsmasq in the DNS code. An attacker could     send crafted DNS packets to dnsmasq which would cause     it to crash.i1/4^CVE-2017-13704i1/4%0

  - A vulnerability was found in Dnsmasq's implementation     of DNSSEC. Wildcard synthesized NSEC records could be     improperly interpreted to prove the non-existence of     hostnames that actually exist.i1/4^CVE-2017-15107i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.

According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.

Fixes CVE-2017-13704

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of dnsmasq installed on the remote host is prior to 2.78, and thus, is affected by the following vulnerabilities :

  - Denial of service related to handling DNS queries     exceeding 512 bytes. (CVE-2017-13704)

  - Heap overflow related to handling DNS requests. (CVE-2017-14491)

  - Heap overflow related to IPv6 router advertisement handling.
    (CVE-2017-14492)

  - Stack overflow related to DHCPv6 request handling.
    (CVE-2017-14493)

  - Memory disclosure related to DHCPv6 packet handling.
    (CVE-2017-14494)

  - Denial of service related to handling DNS queries.
    (CVE-2017-14495)

  - Denial of service related to handling DNS queries.
    (CVE-2017-14496)

Google Project Zero reports :

- CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted.

- CVE-2017-14492: Heap based overflow.

- CVE-2017-14493: Stack Based overflow.

- CVE-2017-14494: Information Leak

- CVE-2017-14495: Lack of free()

- CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy.

- CVE-2017-13704: Crash on large DNS query

New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

ID	Name	Product	Family	Severity
123860	EulerOS Virtualization 2.5.3 : dnsmasq (EulerOS-SA-2019-1174)	Nessus	Huawei Local Security Checks	medium
111887	Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)	Nessus	PhotonOS Local Security Checks	high
109037	pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)	Nessus	Firewalls	high
105837	Fedora 27 : dnsmasq (2017-274d763ed8)	Nessus	Fedora Local Security Checks	medium
103647	dnsmasq < 2.78 Multiple Remote Vulnerabilities	Nessus	DNS	high
103620	FreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
103599	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2017-275-01)	Nessus	Slackware Local Security Checks	high

CVE-2017-13704

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

high

high

medium

high

high

high