Bug 714606 (CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080) - <net-libs/libmicrodns-0.1.2: Multiple vulnerabilities (CVE-2020-{6071,6072,6073,6077,6078,6079,6080})
Status: RESOLVED FIXED
Alias: CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Reported: 2020-03-25 01:02 UTC by Sam James (sec padawan)
Modified: 2020-05-14 22:23 UTC
Package list:
=net-libs/libmicrodns-0.1.2
Runtime testing required: No

Description Sam James (sec padawan) 2020-03-25 01:02:46 UTC
1) CVE-2020-6071

Description:
"An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994

2) CVE-2020-6072

Description:
"An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995

3) CVE-2020-6073

Description:
"An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996

4) CVE-2020-6077

Description:
"An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000

5) CVE-2020-6078

Description:
"An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001

6) CVE-2020-6079

Description:
"An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002

7) CVE-2020-6080

Description:
"An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]."

URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
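
Added example, not part of the bug report and not libmicrodns code: a bounds-checked decoder for compressed DNS names, showing the two checks whose absence the CVE-2020-6071 (pointer followed without a recursion check) and CVE-2020-6077 (available data not tracked) descriptions above name. The function name decode_name, the MAX_HOPS cap and the sample message are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NAME 255  /* name length cap (RFC 1035 allows 255 octets) */
#define MAX_HOPS 16   /* assumed cap on compression pointers per name */

/* Constructed sample: 12-byte header, then names at offsets 12, 23, 29, 31, 35. */
static const uint8_t sample_msg[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    3,'f','o','o',5,'l','o','c','a','l',0,  /* 12: foo.local            */
    3,'b','a','r',0xC0,16,                  /* 23: bar + pointer to 16  */
    0xC0,29,                                /* 29: pointer to itself    */
    1,'a',0xC0,31,                          /* 31: label, pointer to 31 */
    9,'x'                                   /* 35: label past the end   */
};

/* Decode the name at msg[off] into out as dotted text.
 * Returns the text length, or -1 on any malformed input. */
int decode_name(const uint8_t *msg, size_t len, size_t off,
                char *out, size_t outlen)
{
    size_t n = 0;
    int hops = 0;
    for (;;) {
        if (off >= len) return -1;               /* read past the message */
        uint8_t c = msg[off];
        if ((c & 0xC0) == 0xC0) {                /* compression pointer */
            if (off + 1 >= len) return -1;       /* truncated pointer */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            if (target >= off || ++hops > MAX_HOPS)
                return -1;                       /* backward only, bounded */
            off = target;
            continue;
        }
        if (c & 0xC0) return -1;                 /* reserved label type */
        if (c == 0) break;                       /* root label ends the name */
        if (c > len - off - 1) return -1;        /* label overruns message */
        if (n + c + 1 > MAX_NAME || n + c + 2 > outlen)
            return -1;                           /* name or buffer too long */
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off + 1, c);
        n += c;
        off += (size_t)c + 1;
    }
    if (n >= outlen) return -1;
    out[n] = '\0';
    return (int)n;
}
```

The backward-only rule alone does not stop the name at offset 31, because a pointer can still send the decoder back to a label that leads to the same pointer again; the hop cap and the name-length cap are what bound the work.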
Comment 1 Sam James (sec padawan) 2020-03-25 01:03:34 UTC
@maintainer(s), please create an appropriate ebuild.
Comment 2 Larry the Git Cow gentoo-dev 2020-04-11 20:16:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d41fe2bbcddc03ff2f97b979c302778b494021b

commit 9d41fe2bbcddc03ff2f97b979c302778b494021b
Author:     Adam Feldman <NP-Hardass@gentoo.org>
AuthorDate: 2020-04-11 20:15:51 +0000
Commit:     Adam Feldman <NP-Hardass@gentoo.org>
CommitDate: 2020-04-11 20:16:33 +0000

    net-libs/libmicrodns: Bump to 0.1.2
    
    Bug: https://bugs.gentoo.org/714606
    Package-Manager: Portage-2.3.96, Repoman-2.3.21
    Signed-off-by: Adam Feldman <NP-Hardass@gentoo.org>

 net-libs/libmicrodns/Manifest                 |  1 +
 net-libs/libmicrodns/libmicrodns-0.1.2.ebuild | 35 +++++++++++++++++++++++++++
 net-libs/libmicrodns/libmicrodns-9999.ebuild  | 24 +++++++++++-------
 3 files changed, 51 insertions(+), 9 deletions(-)
Comment 3 Mart Raudsepp gentoo-dev 2020-04-12 09:09:46 UTC
arm64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-04-13 14:51:13 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-04-13 14:52:11 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-04-13 15:02:47 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-04-14 12:34:14 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 NATTkA bot gentoo-dev 2020-04-14 12:36:36 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 9 Larry the Git Cow gentoo-dev 2020-04-14 21:47:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93473e2cd16939d513bc064738f4d639e513dd5c

commit 93473e2cd16939d513bc064738f4d639e513dd5c
Author:     Adam Feldman <NP-Hardass@gentoo.org>
AuthorDate: 2020-04-14 21:46:47 +0000
Commit:     Adam Feldman <NP-Hardass@gentoo.org>
CommitDate: 2020-04-14 21:46:47 +0000

    net-libs/libmicrodns: Drop old
    
    Bug: https://bugs.gentoo.org/714606
    Package-Manager: Portage-2.3.96, Repoman-2.3.21
    Signed-off-by: Adam Feldman <NP-Hardass@gentoo.org>

 net-libs/libmicrodns/Manifest                 |  1 -
 net-libs/libmicrodns/libmicrodns-0.0.9.ebuild | 31 ---------------------------
 2 files changed, 32 deletions(-)
Comment 10 Sam James (sec padawan) 2020-04-15 00:22:31 UTC
Thanks all.
Comment 11 Sam James (sec padawan) 2020-04-15 00:24:16 UTC
(here, it looks like stable kw were carried forward and cleanup is already done, so we will just wait on glsa? for now).
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-04-15 21:28:00 UTC
CVE-2020-6080 (https://nvd.nist.gov/vuln/detail/CVE-2020-6080):
  An exploitable denial-of-service vulnerability exists in the resource
  allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors
  while parsing mDNS messages, some allocated data is not freed, possibly
  leading to a denial-of-service condition via resource exhaustion. An
  attacker can send one mDNS message repeatedly to trigger this vulnerability
  through the function rr_read_RR [5] reads the current resource record,
  except for the RDATA section. This is read by the loop at in rr_read. For
  each RR type, a different function is called. When the RR type is 0x10, the
  function rr_read_TXT is called at [6].

CVE-2020-6079 (https://nvd.nist.gov/vuln/detail/CVE-2020-6079):
  An exploitable denial-of-service vulnerability exists in the resource
  allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors
  while parsing mDNS messages, some allocated data is not freed, possibly
  leading to a denial-of-service condition via resource exhaustion. An
  attacker can send one mDNS message repeatedly to trigger this vulnerability
  through decoding of the domain name performed by rr_decode.

CVE-2020-6078 (https://nvd.nist.gov/vuln/detail/CVE-2020-6078):
  An exploitable denial-of-service vulnerability exists in the message-parsing
  functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in
  mdns_recv, the return value of the mdns_read_header function is not checked,
  leading to an uninitialized variable usage that eventually results in a null
  pointer dereference, leading to service crash. An attacker can send a series
  of mDNS messages to trigger this vulnerability.

CVE-2020-6077 (https://nvd.nist.gov/vuln/detail/CVE-2020-6077):
  An exploitable denial-of-service vulnerability exists in the message-parsing
  functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages,
  the implementation does not properly keep track of the available data in the
  message, possibly leading to an out-of-bounds read that would result in a
  denial of service. An attacker can send an mDNS message to trigger this
  vulnerability.

CVE-2020-6073 (https://nvd.nist.gov/vuln/detail/CVE-2020-6073):
  An exploitable denial-of-service vulnerability exists in the TXT
  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  the RDATA section in a TXT record in mDNS messages, multiple integer
  overflows can be triggered, leading to a denial of service. An attacker can
  send an mDNS message to trigger this vulnerability.

CVE-2020-6072 (https://nvd.nist.gov/vuln/detail/CVE-2020-6072):
  An exploitable code execution vulnerability exists in the label-parsing
  functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels
  in mDNS messages, the rr_decode function's return value is not checked,
  leading to a double free that could be exploited to execute arbitrary code.
  An attacker can send an mDNS message to trigger this vulnerability.

CVE-2020-6071 (https://nvd.nist.gov/vuln/detail/CVE-2020-6071):
  An exploitable denial-of-service vulnerability exists in the resource
  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  compressed labels in mDNS messages, the compression pointer is followed
  without checking for recursion, leading to a denial of service. An attacker
  can send an mDNS message to trigger this vulnerability.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2020-05-14 22:23:29 UTC
This issue was resolved and addressed in
 GLSA 202005-10 at https://security.gentoo.org/glsa/202005-10
by GLSA coordinator Thomas Deutschmann (whissi).