settingsLogin | Registersettings

[openstack-dev] [OSSN-0082] Heap and Stack based buffer overflows in dnsmasq prior to version 2.78

0 votes

Heap and Stack based buffer overflows in dnsmasq prior to version 2.78

Summary

A series of heap and stack based buffer overflows have been discovered
in versions of dnsmasq prior to release 2.78.

Affected Services / Software

Any neutron based OpenStack deployment on a version of dnsmasq prior to
2.78.

Discussion

The following attack vectors have been assigned the following CVE numbers.

  • CVE-2017-14491
  • CVE-2017-14492
  • CVE-2017-14493
  • CVE-2017-14494
  • CVE-2017-14495
  • CVE-2017-14496
  • CVE-2017-13704

Each of these CVE's exposes a neutron based OpenStack deployment to
various attacks such as leakage of sensitive memory information or
causing a denial of service. Nodes are exposed to this risk by the
crafting of various nefarious DNS or DHCP requests.

Recommended Actions

Operators should update the dnsmasq service using the affected nodes
operating systems packaging tools to version 2.78 and later, or a
distribution packaged version that contains relevant backports for these
vulnerabilities.

Contacts / References

Author: Luke Hinds lhinds@redhat.com
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0082
Mailing List : [Security] tag on openstack-dev@lists.openstack.org
Launchpad Bug: https://bugs.launchpad.net/neutron/+bug/1721063
CVE: CVE-2017-14491
OpenStack Security Project : https://launchpad.net/~openstack-ossg


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

asked Oct 4, 2017 in openstack by Luke_Hinds (1,500 points)  ‚óŹ 1
...