[Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

Albert ARIBAUD albert.aribaud at free.fr
Tue May 3 20:02:44 BST 2016


Hi Alexander,

On Tue, 3 May 2016 22:56:45 +0500,
"Alexander E. Patrakov" <patrakov at gmail.com> wrote:

> 03.05.2016 22:28, Albert ARIBAUD wrote:
> > Hi Alexander,
> >
> > On Tue, 3 May 2016 21:45:00 +0500,
> > "Alexander E. Patrakov" <patrakov at gmail.com> wrote:
> >
> >> 2016-05-03 20:37 GMT+05:00 Simon Kelley <simon at thekelleys.org.uk>:
> >>> I'm pretty sure that this is fixed in the current code.
> >>
> >> It is indeed fixed in git! But distributions (including Ubuntu and
> >> Arch) are still distributing a vulnerable version and are probably
> >> unaware of it. Could you please apply for a CVE ID (if it doesn't
> >> already exist) so that they fix their packages?
> >
> > A CVE ID? For a crash caused by a specific local name record which
> > clashes with the public one? What's the vulnerability or exposure
> > here?
> 
> This is actually crashable by querying any CNAME that points to 
> localhost.localdomain, given that upstream is 8.8.8.8, because 
> localhost.localdomain nearly universally exists in /etc/hosts as ::1, 
> and 8.8.8.8 doesn't have an AAAA entry for it. So this is a security
> issue.

I am still not seeing what the *security* issue is. How can this problem
be *exploited* in order to cause a DoS or compromise a host for
instance?

Best regards,
-- 
Albert.
