dnsmasq < 2.78 Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 103647

Synopsis

The remote DNS / DHCP service is affected by multiple vulnerabilities.

Description

The version of dnsmasq installed on the remote host is prior to 2.78, and thus, is affected by the following vulnerabilities :

- Denial of service related to handling DNS queries exceeding 512 bytes. (CVE-2017-13704)

- Heap overflow related to handling DNS requests. (CVE-2017-14491)

- Heap overflow related to IPv6 router advertisement handling.
(CVE-2017-14492)

- Stack overflow related to DHCPv6 request handling.
(CVE-2017-14493)

- Memory disclosure related to DHCPv6 packet handling.
(CVE-2017-14494)

- Denial of service related to handling DNS queries.
(CVE-2017-14495)

- Denial of service related to handling DNS queries.
(CVE-2017-14496)

Solution

Upgrade to dnsmasq 2.78 or later.

dnsmasq < 2.78 Multiple Remote Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information