[Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
Mouath Ibrahim
dnsmasq at mouath.com
Mon Oct 8 02:58:00 BST 2018
Hello,
I ran the PoC supplied by Google research team found here: https://github.com/
google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/
CVE-2017-14495.py
and noticed immediately that dnsmasq process uses up 100% CPU usage and stops
responding to queries short after based on the original CVE the effect was
high memory usage but in this cause it was not.
note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id or
--add-subnet".
Fun note: run a local dnsmasq and set upstream to multiple dnsmasq servers,
local dnsmasq will forward these queries and cause the same effect
....
dnsmasq: forwarded query to 10.0.0.20
dnsmasq: forwarded query to 10.0.0.7
dnsmasq: forwarded query to 10.0.0.25
dnsmasq: forwarded query to 10.0.0.20
dnsmasq: forwarded query to 10.0.0.7
dnsmasq: forwarded query to 10.0.0.25
....
Regards,
Mouath Ibrahim
More information about the Dnsmasq-discuss
mailing list