Russian Vulnerability Scanner Database

Back to List

BDU:2017-02360

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.3high3.x
0246810

CVSS Score: 7.3/10

All CVSS Scores

CVSS 3.x
7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Уязвимость DNS-сервера Dnsmasq вызвана переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или выполнить произвольный код путем отправки специально сформированных DNS-пакетов

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2017-14491

Exploits

Exploit ID: 42941

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42941

Exploit ID: CVE-2017-14491

Source: github-poc

URL: https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14491
http://ubuntu.com/usn/usn-3430-1
http://ubuntu.com/usn/usn-3430-2
https://www.kb.cert.org/vuls/id/973527
http://www.debian.org/security/dsa-3989/
https://rhn.redhat.com/errata/RHSA-2017:2836.html
https://rhn.redhat.com/errata/RHSA-2017:2837.html
https://rhn.redhat.com/errata/RHSA-2017:2838.html
https://rhn.redhat.com/errata/RHSA-2017:2839.html
https://rhn.redhat.com/errata/RHSA-2017:2840.html
https://rhn.redhat.com/errata/RHSA-2017:2841.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://www.securitytracker.com/id/1039474
http://www.exploit-db.com/exploits/42941/
http://www.securityfocus.com/bid/101085
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.debian.org/security/2017/dsa-3989
http://www.securityfocus.com/bid/101085
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
https://access.redhat.com/errata/RHSA-2017:2836
https://access.redhat.com/errata/RHSA-2017:2837
https://access.redhat.com/errata/RHSA-2017:2838
https://access.redhat.com/errata/RHSA-2017:2839
https://access.redhat.com/errata/RHSA-2017:2840
https://access.redhat.com/errata/RHSA-2017:2841
https://access.redhat.com/security/vulnerabilities/3199382
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.exploit-db.com/exploits/42941/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discusslists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discusslists.thekelleys.org.uk/msg11665.html
https://www.belden.com/hubfs/support/security/bulletins/Belden_Security_Bulletin_BSECV-2020-04_1v0.pdf?hsLang=en
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Recommendations

Source: bdu

Использование рекомендаций:
Для Dnsmasq:

http://thekelleys.org.uk/dnsmasq/CHANGELOG

Для продуктов Novell Inc.:
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

Для Debian:

http://www.debian.org/security/2017/dsa-3989
Для Ubuntu:

http://www.ubuntu.com/usn/USN-3430-1

http://www.ubuntu.com/usn/USN-3430-2

Для продуктов Red Hat Inc.:

https://access.redhat.com/errata/RHSA-2017:2836

https://access.redhat.com/errata/RHSA-2017:2837

https://access.redhat.com/errata/RHSA-2017:2838

https://access.redhat.com/errata/RHSA-2017:2839

https://access.redhat.com/errata/RHSA-2017:2840

https://access.redhat.com/errata/RHSA-2017:2841

https://access.redhat.com/security/vulnerabilities/3199382

Для продуктов Belden Inc.:
https://www.belden.com/hubfs/support/security/bulletins/Belden_Security_Bulletin_BSECV-2020-04_1v0.pdf?hsLang=en

Для продуктов Siemens:
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Организационные меры:
Компания «Сименс» определила следующие конкретные обходные пути и меры по смягчению последствий данной уязвимости:
Для SCALANCE M800, SCALANCE S615 и RUGGEDCOM RM1224: Отключите DNS-прокси в конфигурации устройства (Система - DNS - DNS-прокси - Отключить флажок «Включить DNS-прокси») и настройте подключенные устройства во внутренней сети для использования другого DNS-сервера.
Для SCALANCE W1750D: Если функциональность «OpenDNS», «Captive Portal» или «URL redirection» не используется,
разверните правила брандмауэра в конфигурации устройства, чтобы заблокировать входящий доступ к порту 53/UDP.

URL: https://bdu.fstec.ru/vul/2017-02360

Vulnerable Software (195)

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 14.04 LTS

Trait: 
{  "version_exact": "1.2.01"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 14.04 LTS

Trait: 
{  "version_exact": "1.2.04"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 14.04 LTS

Trait: 
{  "version_exact": "1.0.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 14.04 LTS

Trait: 
{  "version_exact": "1.1.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: opensuse leap 42.3

Trait: 
{  "version_exact": "1.2.01"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: opensuse leap 42.3

Trait: 
{  "version_exact": "1.2.04"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: opensuse leap 42.3

Trait: 
{  "version_exact": "1.0.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: opensuse leap 42.3

Trait: 
{  "version_exact": "1.1.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 7

Trait: 
{  "version_exact": "1.2.01"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 7

Trait: 
{  "version_exact": "1.2.04"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 7

Trait: 
{  "version_exact": "1.0.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 7

Trait: 
{  "version_exact": "1.1.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 17.04

Trait: 
{  "version_exact": "1.2.01"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 17.04

Trait: 
{  "version_exact": "1.2.04"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 17.04

Trait: 
{  "version_exact": "1.0.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: ubuntu 17.04

Trait: 
{  "version_exact": "1.1.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 6

Trait: 
{  "version_exact": "1.2.01"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 6

Trait: 
{  "version_exact": "1.2.04"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 6

Trait: 
{  "version_exact": "1.0.00"}

Source: bdu

Type: Configuration

Vendor: belden inc.

Product: owl 3g

Operating System: red hat enterprise linux Workstation 6

Trait: 
{  "version_exact": "1.1.00"}

Source: bdu