9.8

CVE-2017-14491

Exploit
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThekelleysDnsmasq Version <= 2.77
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.04
DebianDebian Linux Version7.0
DebianDebian Linux Version7.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OpensuseLeap Version42.2
OpensuseLeap Version42.3
SuseLinux Enterprise Debuginfo Version11 Updatesp3
SuseLinux Enterprise Debuginfo Version11 Updatesp4
SuseLinux Enterprise Point Of Sale Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 SwEditionltss
NvidiaLinux For Tegra Version < r21.6
   NvidiaJetson Tk1 Version-
NvidiaLinux For Tegra Version < r24.2.2
   NvidiaJetson Tx1 Version-
NvidiaGeforce Experience Version >= 3.0 < 3.10.0.55
   MicrosoftWindows Version-
HuaweiHonor V9 Play Firmware Version < jimmy-al00ac00b135
   HuaweiHonor V9 Play Version-
AristaEos Version <= 4.15
AristaEos Version >= 4.16 < 4.16.13m
AristaEos Version >= 4.17 < 4.17.8m
AristaEos Version >= 4.18 <= 4.18.4.2f
SiemensRuggedcom Rm1224 Firmware Version < 5.0
   SiemensRuggedcom Rm1224 Version-
SiemensScalance M-800 Firmware Version < 5.0
   SiemensScalance M-800 Version-
SiemensScalance S615 Firmware Version < 5.0
   SiemensScalance S615 Version-
SiemensScalance W1750d Firmware Version < 6.5.1.5
   SiemensScalance W1750d Version-
ArubanetworksArubaos Version >= 6.3.1 < 6.3.1.25
ArubanetworksArubaos Version >= 6.4.4.0 < 6.4.4.16
ArubanetworksArubaos Version >= 6.5.0.0 < 6.5.1.9
ArubanetworksArubaos Version >= 6.5.3.0 < 6.5.3.3
ArubanetworksArubaos Version >= 6.5.4.0 < 6.5.4.2
ArubanetworksArubaos Version >= 8.1.0.0 < 8.1.0.4
SynologyRouter Manager Version1.1
SynologyDiskstation Manager Version5.2
SynologyDiskstation Manager Version6.0
SynologyDiskstation Manager Version6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 84.93% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://thekelleys.org.uk/dnsmasq/CHANGELOG
Vendor Advisory
Release Notes
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Third Party Advisory
http://www.securityfocus.com/bid/101085
Broken Link
http://www.securityfocus.com/bid/101977
Broken Link
http://www.securitytracker.com/id/1039474
Broken Link
https://access.redhat.com/security/vulnerabilities/3199382
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
Patch
Third Party Advisory
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Third Party Advisory
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
Third Party Advisory
Mailing List
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
Third Party Advisory
http://www.debian.org/security/2017/dsa-3989
Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-2
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2836
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2837
Third Party Advisory
https://security.gentoo.org/glsa/201710-27
Third Party Advisory
https://www.kb.cert.org/vuls/id/973527
Third Party Advisory
US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html
Third Party Advisory
Mailing List
http://nvidia.custhelp.com/app/answers/detail/a_id/4560
Third Party Advisory
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
Third Party Advisory
Exploit
VDB Entry
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-3
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2838
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2839
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2840
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2841
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
Third Party Advisory
Mitigation
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
Third Party Advisory
https://www.debian.org/security/2017/dsa-3989
Third Party Advisory
https://www.exploit-db.com/exploits/42941/
Third Party Advisory
Exploit
VDB Entry