Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 09 Jul 2012 14:04:35 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com, David Woodhouse <dwmw2@...radead.org>,
        Daniel Berrange <berrange@...hat.com>,
        Daniel Veillard <veillard@...hat.com>
Subject: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy
 (reachable out-of the virtual network set for the particular guest domain
 too) is created

Hello Kurt, Steve, vendors,

   David Woodhouse reported a deficiency in the way dnsmasq,
a lightweight, easy to configure DNS forwarder and DHCP server,
when being run under libvirt, a library providing simple
virtualization API, performed processing of packets coming
outside of virtual network set for the particular guest domain.

   When libvirt was configured to provide a range of public
IP addresses to its guest domains and dnsmasq was instructed
to discard packets originating from other interfaces, than
specified on the command line via the --bind-interface option,
those packets (coming from 'prohibited' interfaces) were not
dropped properly and subsequently processed.

   A remote attacker could use this flaw to cause a distributed
denial of service, as demonstrated in the report [1] via "stream
of spoofed DNS queries producing large results".

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=833033

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.