Bug 86718 - net-dns/dnsmasq 2.21 fixes remote vulnerabilities
|
Bug#:
86718
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: minor
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: alex00882007@gmail.com
|
|
Component: Vulnerabilities
|
|
|
URL:
http://www.securityfocus.com/bid/12897/info/
|
|
Summary: net-dns/dnsmasq 2.21 fixes remote vulnerabilities
|
|
Keywords:
|
|
Status Whiteboard: B4 [glsa] koon
|
|
Opened: 2005-03-25 16:08 0000
|
The discussion portion tells that dnsmasq is vulnerable to an off-by-one
overflow and some DNS poisoning as well.
It can quickly be fixed by updating dnsmasq to version 2.21
Reproducible: Always
Steps to Reproduce:
n/a
Actual Results:
n/a
Expected Results:
n/a
Portage 2.0.51.19 (default-linux/x86/2004.3, gcc-3.3.4,
glibc-2.3.4.20040808-r1,
2.6.11fishsticks i686)
=================================================================
System uname: 2.6.11fishsticks i686 Pentium II (Klamath)
Gentoo Base System version 1.4.16
Python: dev-lang/python-2.3.4 [2.3.4 (#1, Oct 24 2004, 04:58:11)]
dev-lang/python: 2.3.4
sys-devel/autoconf: 2.59-r5
sys-devel/automake: 1.8.5-r1
sys-devel/binutils: 2.14.90.0.8-r1
sys-devel/libtool: 1.5.2-r5
virtual/os-headers: 2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X apm arts avi berkdb bitmap-fonts crypt cups emboss encode esd fam
font-server foomaticdb fortran gdbm gif gnome gpm gtk gtk2 imlib ipv6 jpeg kde
libg++ libwww mad mikmod motif mp3 mpeg ncurses nls oggvorbis opengl oss pam
pdflib perl png python qt quicktime readline sdl spell ssl svga tcpd tiff
truetype truetype-fonts type1-fonts xml2 xmms xv zlib"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY
local bump to 2.21 fails with netlink errors. starting with dnsmasq-2.21 there
is
new code to run dnsmasq/dhcp on alias interfaces. My guess is the author was a
little rushed to get the code out the door and thus it's incomplete and or not
well tested. The diff -Nrup dnsmasq-2.2{0,1} is rather large so pinpointing the
exact fix needed to patch 2.20 might be a little tricky.
Created an attachment (id=54494) [details]
dnsmasq-2.21-nonetlink.patch
patch to allow 2.21 to build. This is not the ideal fix but seeing as the rt
netlink handling is new functionality I don't think were really missing out on
anything.
dnsmasq-2.21 committed with upstream's netlink.c fix (the correct fix is to
include types.h)
Arches please test and mark stable.
The off-by-one affects the reading of lease files which are not under the
control of a remote attacker (interestingly it was found by our own audit
team).
That leaves us with the DNS cache poisoning things, so this is minor... but
everyone agreed it needed a GLSA anyway, so I drafted one.
The off-by-one is actually two off-by-ones per evil lease entry. This bug can
be triggered by anyone on the local LAN segment who sends clientid and
hostnames over a certain length. It is possible this may lead to a crash when
dnsmasq restarts and parses the lease file (the bugs exist in the lease file
parsing code). During my tests I never saw dnsmasq crash as a result of this,
hence me not filing a bug myself.
2.22 is in the tree and has a bunch of fixes, but I've committed it as ~arch
due to changes not related to 2.21 regressions. Dunno if the security folks
want to go through the effort of stabilizing 2.22 (2.21 is masked)
Well, we need to have a fixed stable version for people to upgrade to.
TARGET KEYWORDS="~alpha amd64 arm ~hppa ia64 mips ppc s390 ~sh sparc x86"
Arches, 2.21 was regressing in some ugly cases, please test and adjust keywords on 2.22 according to TARGET KEYWORDS.
Still missing x86 stable keyword to send GLSA
avenj/uberlord/x86-herd: please test and mark stable on x86
I'd ask that Uberlord please do it, as far as I know it's stable but he's the
only one I can think of offhand who can confirm the 2.21 bugs are fixed for
good (his setup's much more complex than mine)
*** Bug 87564 has been marked as a duplicate of this bug. ***
