Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 09 Jul 2012 14:04:35 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com, David Woodhouse <dwmw2@...radead.org>,
        Daniel Berrange <berrange@...hat.com>,
        Daniel Veillard <veillard@...hat.com>
Subject: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy
 (reachable out-of the virtual network set for the particular guest domain
 too) is created

Hello Kurt, Steve, vendors,

   David Woodhouse reported a deficiency in the way dnsmasq,
a lightweight, easy to configure DNS forwarder and DHCP server,
when being run under libvirt, a library providing simple
virtualization API, performed processing of packets coming
outside of virtual network set for the particular guest domain.

   When libvirt was configured to provide a range of public
IP addresses to its guest domains and dnsmasq was instructed
to discard packets originating from other interfaces, than
specified on the command line via the --bind-interface option,
those packets (coming from 'prohibited' interfaces) were not
dropped properly and subsequently processed.

   A remote attacker could use this flaw to cause a distributed
denial of service, as demonstrated in the report [1] via "stream
of spoofed DNS queries producing large results".

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=833033

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ