oss-sec mailing list archives
Re: CVE request for dnsmasq DoS
From: Robert Buchholz <rbu () gentoo org>
Date: Thu, 24 Jul 2008 04:20:19 +0200
On Wednesday 23 July 2008, Josh Bressers wrote:
On 8 July 2008, Jamie Strandboge wrote:I finally had time to develop a PoC and confirm this on my own. A client need only send a DHCPREQUEST for an IP address not on the same network as dnsmasq. Eg: 1. dnsmasq listening on and giving IP addresses for 192.168.122.0/24 2. client requests IP address on another network, such as 192.168.0.1 3. dnsmasq 2.25 (and presumably earlier) crashesIt seems there is also a problem with newer dnsmasq that is very similar to this: http://bugs.gentoo.org/show_bug.cgi?id=232523 That problem appears to be pretty much the same thing, but affecting versions 2.43 - 2.45
I could reproduce the issue using the dhcp_request.py Jamie sent earlier. The problem manifests the same way as the 2.25 flaw, but it only affects 2.43 -- 2.42 survives, and so does 2.44. However, that release has been withdrawn [1] because of another bug. Hope that helps, Robert [1] http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.44-REMOVED.txt
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: CVE request for dnsmasq DoS Steven M. Christey (Jul 01)
- Re: CVE request for dnsmasq DoS Nico Golde (Jul 02)
- Re: CVE request for dnsmasq DoS Jamie Strandboge (Jul 03)
- Re: CVE request for dnsmasq DoS Jamie Strandboge (Jul 08)
- Re: CVE request for dnsmasq DoS Josh Bressers (Jul 23)
- Re: CVE request for dnsmasq DoS Robert Buchholz (Jul 23)
- Re: CVE request for dnsmasq DoS Robert Buchholz (Jul 23)
- Re: CVE request for dnsmasq DoS Jamie Strandboge (Jul 08)
- Re: CVE request for dnsmasq DoS Jamie Strandboge (Jul 12)