漏洞信息详情
Dnsmasq 数字错误漏洞
- CNNVD编号:CNNVD-201709-742
- 危害等级: 高危
- CVE编号: CVE-2017-14496
- 漏洞类型: 数字错误
- 发布时间: 2017-09-18
- 威胁类型: 远程或本地
- 更新时间: 2020-10-14
- 厂 商: thekelleys
- 漏洞来源: Gabriel Campana, ...
漏洞简介
Dnsmasq是软件开发者Simon Kelley所研发的一款使用C语言编写的开源轻量级DNS转发和DHCP、TFTP服务器。
Dnsmasq 2.78之前的版本中的‘add_pseudoheader’函数存在整数下溢漏洞。远程攻击者可通过发送特制的DNS请求利用该漏洞造成拒绝服务。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
参考网址
来源:www.kb.cert.org
链接:http://www.kb.cert.org/vuls/id/973527
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2017:2837
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2017:2836
来源:ics-cert.us-cert.gov
链接:https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14496.py
来源:www.debian.org
链接:https://www.debian.org/security/2017/dsa-3989
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14496
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14495
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14494
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14493
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14492
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495409Bug1495409
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14491
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/CVE-2017-13704
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495510
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495416
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495415
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495412
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495411
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495410
来源:security.Googleblog.com
链接:https://security.Googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.HTML
来源:source.CMS.zone.ci/e/tags/htag.php?tag=Android target=_blank class=infotextkey>Android.com
链接:https://source.CMS.zone.ci/e/tags/htag.php?tag=Android target=_blank class=infotextkey>Android.com/security/bulletin/2017-10-01
来源:www.slackware.com
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.601472
来源:github.com
链接:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14495.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14494.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14493.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14492.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14491.py
来源:www.thekelleys.org.uk
链接:http://www.thekelleys.org.uk/dnsmasq/doc.HTML
来源:www.thekelleys.org.uk
链接:http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/101085
来源:us-cert.cisa.gov
链接:https://us-cert.cisa.gov/ics/advisories/ICSA-17-332-01
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/101085
受影响实体
- Thekelleys Dnsmasq:2.77
补丁
暂无
评论