Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Jan 2013 13:04:08 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Tomas Hozza <thozza@...hat.com>, Josh Stone <jistone@...hat.com>
Subject: Re: CVE Request -- dnsmasq: Incomplete fix for the
 CVE-2012-3411 issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/18/2013 06:31 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> the CVE-2012-3411 identifier has been originally assigned to the 
> following issue:
> 
> When dnsmasq is used in conjunctions with certain configurations of
> libvirtd, network packets from prohibited networks (e.g. packets
> that should not be passed in) may be sent to the dnsmasq
> application and processed. This can result in DNS amplification
> attacks for example. [1]
> http://www.openwall.com/lists/oss-security/2012/07/12/5
> 
> Later it was found: [2]
> https://bugzilla.redhat.com/show_bug.cgi?id=894486 [3]
> https://bugzilla.redhat.com/show_bug.cgi?id=894486#c3
> 
> the upstream patch for CVE-2012-3411 it not to be working
> properly, as it still allowed (from [3]):
> 
> * replies to remote TCP-protocol based DNS queries (UDP protocol
> ones were corrected, but TCP ones not) from prohibited networks,
> when the --bind-dynamic option was used,
> 
> * when --except-interface lo option was used dnsmasq didn't answer
> local or remote UDP DNS queries, but still allowed TCP protocol
> based DNS queries,
> 
> * when --except-interface lo option was not used local / remote TCP
> DNS queries were also still answered by dnsmasq.
> 
> Could you allocate a new CVE identifier for this? (as an incomplete
> fix for CVE-2012-3411 issue)
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team


Please use CVE-2013-0198 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ+aq3AAoJEBYNRVNeJnmTRxUP/2Qrpz52gOOcAk5Pdc50kue4
nP8i7VOVsV+0rjmJ3U8xbbnERQkzvoNtuTel/wsjg4qT9EY3XUQ4N8qJyYPpJD3U
Gsy4BrBeVT9ZpUXiRtKfYxP0E9G6OPGu5tMTK1baYuFRS9czObTBk4JamPnapv9Z
t+48GmilchuYlyn0yxRp77aG7nrSt/YCgX7MTdEyAOWP8q+wYPc2/jBkNERcRp1U
VMqnTgOWH9IjUXhLWKwmCoJKescbVjRH8snGHeShDx1l+fzwKVEcFt2s5sEX/fll
aLoRUOZ9qxAP3wYo0vkeoWEJZr/TxqqAraHi95gkCxtcPCIJ1w+qh1Zg9cOZ8Rnl
KfmGbNaiqo3zQo/3lBqCZmTn/DovppQv992b0HMGsGyaRpw1Btylr5txGqWHldcG
y31L8Ij5SuKmh4vnqTpZb1ax18OgxUCD91Id7RNk5ofTv676zr3xaSqbk0+nqYqe
KRKrfoD7ShlAWqO1J0QYVCY63hzS+YdvwrT9C1QMa7yvgpsaIeVgPnhrfQEaGazd
QXJFd76oD6V6+/AlTMFCdY6VgsFy8rLhDXj0RDC/3u+ZZnxl9RXZ9x/gwXYv/EnO
TvSNJluKAjWcebuJbZzPn25IWnGVXyjppOoy9ZjOEFoz78N2y2qE8oJeALL6RlXe
fnjNc4y3IkmdWllKnzPM
=H+Cc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ