漏洞信息详情
Dnsmasq 信息泄露漏洞
- CNNVD编号:CNNVD-201709-744
- 危害等级: 中危
- CVE编号: CVE-2017-14494
- 漏洞类型: 信息泄露
- 发布时间: 2017-09-18
- 威胁类型: 远程或本地
- 更新时间: 2019-05-24
- 厂 商: thekelleys
- 漏洞来源: Gabriel Campana, ...
漏洞简介
Dnsmasq是软件开发者Simon Kelley所研发的一款使用C语言编写的开源轻量级DNS转发和DHCP、TFTP服务器。
Dnsmasq 2.78之前的版本中存在安全漏洞。远程攻击者可利用该漏洞获取敏感的内存信息。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
参考网址
来源:www.kb.cert.org
链接:http://www.kb.cert.org/vuls/id/973527
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2017:2837
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2017:2836
来源:ics-cert.us-cert.gov
链接:https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14496.py
来源:www.debian.org
链接:https://www.debian.org/security/2017/dsa-3989
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14496
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14495
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14494
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14493
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14492
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495409Bug1495409
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2017-14491
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/CVE-2017-13704
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495510
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495416
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495415
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495412
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495411
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1495410
来源:security.Googleblog.com
链接:https://security.Googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.HTML
来源:source.CMS.zone.ci/e/tags/htag.php?tag=Android target=_blank class=infotextkey>Android.com
链接:https://source.CMS.zone.ci/e/tags/htag.php?tag=Android target=_blank class=infotextkey>Android.com/security/bulletin/2017-10-01
来源:www.slackware.com
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.601472
来源:github.com
链接:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14495.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14494.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14493.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14492.py
来源:github.com
链接:https://github.com/Google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14491.py
来源:www.thekelleys.org.uk
链接:http://www.thekelleys.org.uk/dnsmasq/doc.HTML
来源:www.thekelleys.org.uk
链接:http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/101085
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/101085
受影响实体
- Thekelleys Dnsmasq:2.77
补丁
- Dnsmasq 信息泄露漏洞的修复措施
评论