Overview
Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities.
Description
Multiple vulnerabilities have been reported in dnsmasq.
CWE-122: Heap-based Buffer Overflow - CVE-2017-14491
Impact
Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.
Solution
Apply an Update
Vendor Information
Ruckus Wireless Affected
Notified: September 25, 2017 Updated: February 02, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Technicolor Affected
Updated: October 18, 2017
Statement Date: October 18, 2017
Status
Affected
Vendor Statement
We issued a security bulletin through the FIRST mailing list.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ZyXEL Affected
Notified: September 25, 2017 Updated: February 02, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
dnsmasq Affected
Notified: September 25, 2017 Updated: October 02, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Brocade Communication Systems Not Affected
Notified: September 25, 2017 Updated: February 02, 2018
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
3com Inc Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
ACCESS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
AT&T Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Actiontec Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Aerohive Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Alcatel-Lucent Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Amazon Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Android Open Source Project Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Apple Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Arch Linux Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Arista Networks, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Aruba Networks Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
AsusTek Computer Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Avaya, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Belkin, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Broadcom Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
CA Technologies Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Check Point Software Technologies Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Cisco Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
CoreOS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
D-Link Systems, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Debian GNU/Linux Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Dell Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
DesktopBSD Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Devicescape Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
DragonFly BSD Project Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
EMC Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
EfficientIP SAS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Ericsson Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Espressif Systems Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Extreme Networks Unknown
Notified: September 26, 2017 Updated: September 26, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
F5 Networks, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Fedora Project Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Force10 Networks Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
FreeBSD Project Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
GNU glibc Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Google Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
HTC Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
HardenedBSD Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Hewlett Packard Enterprise Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Hitachi Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Huawei Technologies Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
IBM, INC. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Infoblox Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Intel Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium - DHCP Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Joyent Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Juniper Networks Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Lenovo Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
McAfee Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
MediaTek Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Medtronic Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Microsoft Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Motorola, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
NEC Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
NetBSD Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Netgear, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Nokia Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Nominum Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
OmniTI Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
OpenBSD Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
OpenDNS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Openwall GNU/*/Linux Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Oracle Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Peplink Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Philips Electronics Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
PowerDNS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Pulse Secure Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
QNX Software Systems Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
QUALCOMM Incorporated Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Quantenna Communications Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Red Hat, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
SUSE Linux Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
SafeNet Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Samsung Mobile Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Secure64 Software Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Sierra Wireless Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Slackware Linux Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
SmoothWall Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Snort Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Sony Corporation Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Sophos, Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Sourcefire Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Symantec Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
TippingPoint Technologies Inc. Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Toshiba Commerce Solutions Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
TrueOS Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Turbolinux Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Ubiquiti Networks Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Ubuntu Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Unisys Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
VMware Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Wind River Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Zebra Technologies Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
m0n0wall Unknown
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.7 | E:H/RL:OF/RC:C |
Environmental | 8.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
Acknowledgements
Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
CVE IDs: CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
Date Public: 2017-10-02
Date First Published: 2017-10-02
Date Last Updated: 2018-02-02 14:16 UTC
Document Revision: 26