DNSmasq DHCPv6 Stack Buffer Overflow
TSL ID TSL20171002-04
CVE ID(s) CVE-2017-14493
Severity Critical
Description

A stack-based buffer overflow has been reported in the DHCPv6 component of dnsmasq. The vulnerability is due to lack of proper validation of the length of user-supplied data in a DHCPv6 request prior to copying it to a fixed-length stack-based buffer.

A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted packet to the target server. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target server with administrative privileges.
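The defect class described above is a client-supplied option length that is trusted when the option payload is copied into a fixed-size stack buffer. The following C code is an added example written for this advisory, not dnsmasq's own code: it walks a DHCPv6 option list (16-bit code, 16-bit length, payload) and refuses to copy any option whose declared length overruns the packet or exceeds the destination buffer. The buffer size `DST_CAP`, the option code `WANT`, and the sample packets are all constructed assumptions, not values taken from dnsmasq or from real traffic.

```c
/* Added example: bounds-checked copy of a DHCPv6 option into a fixed-size
 * buffer. Illustrative code, not dnsmasq's; sizes and option codes are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DST_CAP     16      /* assumed capacity of the fixed-length destination buffer */
#define OPT_HDR_LEN 4       /* DHCPv6 option header: 16-bit code + 16-bit length */
#define WANT        0x1234  /* placeholder option code, not a real DHCPv6 option number */

/* Read a 16-bit big-endian field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the option list in pkt[0..len) looking for option `want`.
 * Every option is validated before it is used:
 *   1. the 4-byte header must fit in the remaining bytes;
 *   2. the declared payload length must fit in the remaining bytes;
 *   3. the payload must fit in the caller's destination buffer.
 * Returns the number of payload bytes copied, -1 if the packet is malformed
 * or the option is too large for dst (nothing is copied), -2 if absent. */
int find_and_copy_option(const uint8_t *pkt, size_t len, uint16_t want,
                         uint8_t *dst, size_t dst_cap)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < OPT_HDR_LEN)
            return -1;                           /* truncated header */
        uint16_t code = rd16(pkt + off);
        uint16_t olen = rd16(pkt + off + 2);
        if (olen > len - off - OPT_HDR_LEN)
            return -1;                           /* declared length overruns packet */
        if (code == want) {
            if (olen > dst_cap)
                return -1;                       /* would overflow dst: reject */
            memcpy(dst, pkt + off + OPT_HDR_LEN, olen);
            return (int)olen;
        }
        off += OPT_HDR_LEN + olen;
    }
    return -2;
}

/* Build one option TLV with a payload of `olen` bytes filled with `fill`.
 * Returns the number of bytes written. Used only to construct sample input. */
static size_t put_option(uint8_t *out, uint16_t code, uint16_t olen, uint8_t fill)
{
    out[0] = (uint8_t)(code >> 8); out[1] = (uint8_t)(code & 0xff);
    out[2] = (uint8_t)(olen >> 8); out[3] = (uint8_t)(olen & 0xff);
    memset(out + OPT_HDR_LEN, fill, olen);
    return OPT_HDR_LEN + olen;
}

/* Constructed packet: an unrelated 2-byte option, then a 6-byte WANT option. */
int demo_well_formed(void)
{
    uint8_t pkt[64], dst[DST_CAP];
    size_t n = put_option(pkt, 0x0001, 2, 0xaa);
    n += put_option(pkt + n, WANT, 6, 0x11);
    return find_and_copy_option(pkt, n, WANT, dst, sizeof dst);   /* 6 */
}

/* Constructed packet: WANT option declaring 32 payload bytes, more than DST_CAP.
 * A copy without check 3 would write 16 bytes past the end of dst. */
int demo_oversized(void)
{
    uint8_t pkt[64], dst[DST_CAP];
    size_t n = put_option(pkt, WANT, 32, 0x41);
    return find_and_copy_option(pkt, n, WANT, dst, sizeof dst);   /* -1 */
}

/* Constructed packet: header declares 40 bytes but only 10 bytes are handed
 * to the parser, so check 2 rejects it before any payload is touched. */
int demo_truncated(void)
{
    uint8_t pkt[64], dst[DST_CAP];
    (void)put_option(pkt, WANT, 40, 0x41);
    return find_and_copy_option(pkt, 10, WANT, dst, sizeof dst);  /* -1 */
}

int main(void)
{
    printf("well-formed: %d  oversized: %d  truncated: %d\n",
           demo_well_formed(), demo_oversized(), demo_truncated());
    return 0;
}
```

The point to take from the example is that two independent checks are needed: the length field must be validated against the bytes actually received (check 2) and against the destination's capacity (check 3); the first prevents an out-of-bounds read of the packet, the second prevents the stack write the advisory describes.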

The vendor, Dnsmasq, has released a CHANGELOG containing advisories:

http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Affected Products
  • DNSmasq/Mikrotik DNSmasq prior to 2.78
CVSS Score
Base 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C):
  • Access vector is ADJACENT NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 6.5 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
  • https://access.redhat.com/security/vulnerabilities/3199382
  • https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq
  • https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
  • http://www.thekelleys.org.uk/dnsmasq/CHANGELOG