oss-sec mailing list archives

CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 09 Jul 2012 14:04:35 +0200

Hello Kurt, Steve, vendors,

  David Woodhouse reported a deficiency in the way dnsmasq,
a lightweight, easy to configure DNS forwarder and DHCP server,
when being run under libvirt, a library providing simple
virtualization API, performed processing of packets coming
outside of virtual network set for the particular guest domain.

  When libvirt was configured to provide a range of public
IP addresses to its guest domains and dnsmasq was instructed
to discard packets originating from other interfaces, than
specified on the command line via the --bind-interface option,
those packets (coming from 'prohibited' interfaces) were not
dropped properly and subsequently processed.

  A remote attacker could use this flaw to cause a distributed
denial of service, as demonstrated in the report [1] via "stream
of spoofed DNS queries producing large results".

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=833033

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky (Jul 09)
- Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky (Jul 09)
  - Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Kurt Seifried (Jul 12)