Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 86718 - net-dns/dnsmasq 2.21 fixes remote vulnerabilities
Summary: net-dns/dnsmasq 2.21 fixes remote vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/1289...
Whiteboard: B4 [glsa] koon
Keywords:
: 87564 (view as bug list)
Depends on: 87091
Blocks:
  Show dependency tree
 
Reported: 2005-03-25 16:08 UTC by Alex
Modified: 2005-04-04 05:24 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
dnsmasq-2.21.ebuild (dnsmasq-2.21.ebuild,1.19 KB, text/plain)
2005-03-25 19:13 UTC, solar (RETIRED)
no flags Details
dnsmasq-2.21-nonetlink.patch (dnsmasq-2.21-nonetlink.patch,436 bytes, patch)
2005-03-25 19:16 UTC, solar (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alex 2005-03-25 16:08:20 UTC
The discussion portion tells that dnsmasq is vulnerable to an  off-by-one overflow and some DNS poisoning as well.

It can quickly be fixed by updating dnsmasq to version 2.21

Reproducible: Always
Steps to Reproduce:
n/a

Actual Results:  
n/a

Expected Results:  
n/a

Portage 2.0.51.19 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.6.11fishsticks i686)
=================================================================
System uname: 2.6.11fishsticks i686 Pentium II (Klamath)
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Oct 24 2004, 04:58:11)]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.59-r5
sys-devel/automake:  1.8.5-r1
sys-devel/binutils:  2.14.90.0.8-r1
sys-devel/libtool:   1.5.2-r5
virtual/os-headers:  2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X apm arts avi berkdb bitmap-fonts crypt cups emboss encode esd fam
font-server foomaticdb fortran gdbm gif gnome gpm gtk gtk2 imlib ipv6 jpeg kde
libg++ libwww mad mikmod motif mp3 mpeg ncurses nls oggvorbis opengl oss pam
pdflib perl png python qt quicktime readline sdl spell ssl svga tcpd tiff
truetype truetype-fonts type1-fonts xml2 xmms xv zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY
Comment 1 solar (RETIRED) gentoo-dev 2005-03-25 18:54:00 UTC
local bump to 2.21 fails with netlink errors. starting with dnsmasq-2.21 there is 
new code to run dnsmasq/dhcp on alias interfaces. My guess is the author was a 
little rushed to get the code out the door and thus it's incomplete and or not 
well tested. The diff -Nrup dnsmasq-2.2{0,1} is rather large so pinpointing the 
exact fix needed to patch 2.20 might be a little tricky. 
Comment 2 solar (RETIRED) gentoo-dev 2005-03-25 19:13:40 UTC
Created attachment 54493 [details]
dnsmasq-2.21.ebuild
Comment 3 solar (RETIRED) gentoo-dev 2005-03-25 19:16:10 UTC
Created attachment 54494 [details, diff]
dnsmasq-2.21-nonetlink.patch

patch to allow 2.21 to build. This is not the ideal fix but seeing as the rt 
netlink handling is new functionality I don't think were really missing out on 

anything.
Comment 4 Jon Portnoy (RETIRED) gentoo-dev 2005-03-27 03:16:10 UTC
dnsmasq-2.21 committed with upstream's netlink.c fix (the correct fix is to include types.h)
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-03-27 03:54:18 UTC
Arches please test and mark stable.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-03-27 04:11:11 UTC
Stable on ppc.
Comment 7 Konstantin Arkhipov (RETIRED) gentoo-dev 2005-03-27 05:59:09 UTC
stable on amd64 and x86
Comment 8 Jason Wever (RETIRED) gentoo-dev 2005-03-27 15:01:39 UTC
Stable on SPARC
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-03-28 05:57:22 UTC
The off-by-one affects the reading of lease files which are not under the control of a remote attacker (interestingly it was found by our own audit team).

That leaves us with the DNS cache poisoning things, so this is minor... but everyone agreed it needed a GLSA anyway, so I drafted one.
Comment 10 rob holland (RETIRED) gentoo-dev 2005-03-29 00:41:10 UTC
The off-by-one is actually two off-by-ones per evil lease entry. This bug can be triggered by anyone on the local LAN segment who sends clientid and hostnames over a certain length. It is possible this may lead to a crash when dnsmasq restarts and parses the lease file (the bugs exist in the lease file parsing code). During my tests I never saw dnsmasq crash as a result of this, hence me not filing a bug myself.
Comment 11 SpanKY gentoo-dev 2005-03-29 05:47:49 UTC
arm/ia64/s390 done
Comment 12 Jon Portnoy (RETIRED) gentoo-dev 2005-03-31 16:34:26 UTC
2.22 is in the tree and has a bunch of fixes, but I've committed it as ~arch due to changes not related to 2.21 regressions. Dunno if the security folks want to go through the effort of stabilizing 2.22 (2.21 is masked)
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-04-01 00:45:23 UTC
Well, we need to have a fixed stable version for people to upgrade to.

TARGET KEYWORDS="~alpha amd64 arm ~hppa ia64 mips ppc s390 ~sh sparc x86"

Arches, 2.21 was regressing in some ugly cases, please test and adjust keywords on 2.22 according to TARGET KEYWORDS.
Comment 14 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-01 01:05:08 UTC
Stable on ppc.
Comment 15 Gustavo Zacarias (RETIRED) gentoo-dev 2005-04-01 07:04:52 UTC
2.22 stable on sparc.
Comment 16 Jan Brinkmann (RETIRED) gentoo-dev 2005-04-01 09:46:58 UTC
stable on amd64
Comment 17 Bryan Østergaard (RETIRED) gentoo-dev 2005-04-03 01:48:49 UTC
~alpha keyworded.
Comment 18 Hardave Riar (RETIRED) gentoo-dev 2005-04-03 04:34:48 UTC
Stable on mips.
Comment 19 Thierry Carrez (RETIRED) gentoo-dev 2005-04-03 05:50:35 UTC
Still missing x86 stable keyword to send GLSA

avenj/uberlord/x86-herd: please test and mark stable on x86
Comment 20 Jon Portnoy (RETIRED) gentoo-dev 2005-04-03 06:02:41 UTC
I'd ask that Uberlord please do it, as far as I know it's stable but he's the only one I can think of offhand who can confirm the 2.21 bugs are fixed for good (his setup's much more complex than mine)
Comment 21 Jon Portnoy (RETIRED) gentoo-dev 2005-04-04 02:40:42 UTC
Stable on x86
Comment 22 Jon Portnoy (RETIRED) gentoo-dev 2005-04-04 02:41:52 UTC
*** Bug 87564 has been marked as a duplicate of this bug. ***
Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-04-04 05:24:45 UTC
GLSA 200504-03