The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2836 advisory.

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic     Host Configuration Protocol) server.

    Security Fix(es):

    * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An     attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute     arbitrary code. (CVE-2017-14491)

    * A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An     attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or,     potentially, execute arbitrary code. This issue only affected configurations using one of these options:
    enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)

    * A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could     send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute     arbitrary code. (CVE-2017-14493)

    * An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network     could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory,     potentially leaking sensitive data. (CVE-2017-14494)

    * A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS     packets which would trigger memory allocations which would never be freed, leading to unbounded memory     consumption and eventually a crash. This issue only affected configurations using one of the options: add-     mac, add-cpe-id, or add-subnet. (CVE-2017-14495)

    * An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An     attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected     configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)

    Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team),     Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google     Security Team) for reporting these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : dnsmasq (RHSA-2017:2836)

critical Nessus Plugin ID 103628

Version 3.21