547966 – (CVE-2015-3294) <net-dns/dnsmasq-2.72-r2: unchecked return value of the setup_reply() function (CVE-2015-3294)

Bug 547966 (CVE-2015-3294) - <net-dns/dnsmasq-2.72-r2: unchecked return value of the setup_reply() function (CVE-2015-3294)

Summary: <net-dns/dnsmasq-2.72-r2: unchecked return value of the setup_reply() functio...

Status:	RESOLVED FIXED

Alias:	CVE-2015-3294

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B2 [glsa cleanup cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-04-28 07:01 UTC by Agostino Sarubbo
Modified:	2016-05-31 22:29 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-04-28 07:01:45 UTC

From ${URL} :

The following flaw was found in dnsmasq:

Dnsmasq does not properly check the return value of the setup_reply() function called during a tcp 
connection (by the tcp_request() function). This return value is then used as a size argument in a 
function which writes data on the client's connection. This may lead, upon successful exploitation, 
to reading the heap memory of dnsmasq.

This issue is fixed in dnsmasq-2.73rc4:

http://www.thekelleys.org.uk/dnsmasq/release-candidates/

External References:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1502/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Patrick McLean gentoo-dev

2015-04-28 18:17:45 UTC

Pulled in fix from git to dnsmasq-2.72-r1, it is ready for stabilization.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2015-06-14 20:35:17 UTC

CVE-2015-3294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3294):
  The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle
  the return value of the setup_reply function, which allows remote attackers
  to read process memory and cause a denial of service (out-of-bounds read and
  crash) via a malformed DNS request.

Comment 3 Yury German Gentoo Infrastructure

2015-06-16 03:40:00 UTC

(In reply to Patrick McLean from comment #1)
> Pulled in fix from git to dnsmasq-2.72-r1, it is ready for stabilization.

This was missed, do you still want to stable dnsmasq-2.72-r1 or later version as there are two later in tree.

Comment 4 Patrick McLean gentoo-dev

2015-06-16 18:18:27 UTC

Use 2.72-r2 since 2.73 is too new to be stabilized yet, and the only change from -r1 to -r2 is a lua dependency tweak.

Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-06-16 18:21:29 UTC

Arches, please stabilize: 
=net-dns/dnsmasq-2.72-r1
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-06-16 18:22:37 UTC

(In reply to Kristian Fiskerstrand from comment #5)
> Arches, please stabilize: 
> =net-dns/dnsmasq-2.72-r1
> Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Sorry, misread, that should be 
=net-dns/dnsmasq-2.72-r2
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Comment 7 Agostino Sarubbo gentoo-dev

2015-06-17 07:17:20 UTC

amd64 stable

Comment 8 Agostino Sarubbo gentoo-dev

2015-06-17 07:22:01 UTC

x86 stable

Comment 9 Agostino Sarubbo gentoo-dev

2015-06-17 08:51:56 UTC

sparc stable

Comment 10 Mikle Kolyada (RETIRED) archtester

2015-06-17 19:14:16 UTC

arm stable

Comment 11 Jeroen Roovers (RETIRED) gentoo-dev

2015-06-19 05:26:41 UTC

Stable for HPPA.

Comment 12 Jeroen Roovers (RETIRED) gentoo-dev

2015-06-19 06:10:58 UTC

Stable for PPC64.

Comment 13 Agostino Sarubbo gentoo-dev

2015-06-24 07:57:09 UTC

ppc stable

Comment 14 Agostino Sarubbo gentoo-dev

2015-07-03 09:57:18 UTC

alpha stable

Comment 15 Mikle Kolyada (RETIRED) archtester

2015-07-24 09:37:41 UTC

ia64 stable

Comment 16 Yury German Gentoo Infrastructure

2015-08-04 14:11:00 UTC

Arches, Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).

New GLSA Request filed.

Comment 17 Yury German Gentoo Infrastructure

2015-10-10 02:48:36 UTC

It has been 30 days+ since cleanup requested.
Maintainer(s), please drop the vulnerable version(s).

Comment 18 GLSAMaker/CVETool Bot gentoo-dev

2015-12-17 16:39:01 UTC

This issue was resolved and addressed in
 GLSA 201512-01 at https://security.gentoo.org/glsa/201512-01
by GLSA coordinator Yury German (BlueKnight).

Comment 19 Yury German Gentoo Infrastructure

2015-12-17 16:40:06 UTC

Re-Openning for Cleanup

Comment 20 Yury German Gentoo Infrastructure

2016-02-25 08:21:01 UTC

Maintainer(s), please drop the vulnerable version(s).

Comment 21 Yury German Gentoo Infrastructure

2016-04-26 07:32:24 UTC

Can we please clean up version =net-dns/dnsmasq-2.66 please. Vulnerable since last year.

Comment 22 Patrick McLean gentoo-dev

2016-05-31 22:29:54 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82c65b45c21f0c64aaf06ced2177d58685caf9ac