Date: Tue, 20 Jun 2017 08:09:39 +0200 (CEST)
From: Daniel Stenberg <daniel@...x.se>
To: c-ares development <c-ares@...l.haxx.se>, oss-security@...ts.openwall.com
Subject: [SECURITY ADVISORY] c-ares NAPTR parser out of bounds access

c-ares NAPTR parser out of bounds access
========================================

Project c-ares Security Advisory, June 20, 2017 -
[Permalink](https://c-ares.haxx.se/adv_20170620.html)

VULNERABILITY
-------------

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing
NAPTR responses, could be triggered to read memory outside of the given input
buffer if the passed in DNS response packet was crafted in a particular way.

We are not aware of any exploits of this flaw.

INFO
----

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2017-1000381 to this issue.

AFFECTED VERSIONS
-----------------

This flaw exists in the following c-ares versions.

- Affected versions: c-ares 1.8.0 up to and including 1.12.0
- Not affected versions: c-ares >= 1.13.0

THE SOLUTION
------------

In version 1.13.0, the `RR_len` value gets checked properly and the function
is also added to the fuzz testing. It was previously accidentally left out
from that.

A [patch for CVE-2017-1000381](https://c-ares.haxx.se/CVE-2017-1000381.patch)
is available.

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

  A - Upgrade c-ares to version 1.13.0

  B - Apply the patch to your version and rebuild

  C - Do not use `ares_parse_naptr_reply()`.

TIME LINE
---------

It was reported to the c-ares project on May 20. We contacted distros@...nall
on June 16.

c-ares 1.13.0 was released on June 20 2017, coordinated with the publication
of this advisory.

CREDITS
-------

Thanks to LCatro for the report and to David Drysdale for the fix.

-- 

  / daniel.haxx.se
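
The advisory's fix is a proper check of `RR_len` before the NAPTR fields are read; the sketch below shows that kind of bounds checking for NAPTR RDATA in the RFC 3403 layout. It is an added example, not code from c-ares or its patch: `naptr_check`, `struct naptr_view` and `sample_rdata` are hypothetical names, and rejecting compressed replacement names is a simplifying assumption.

```c
#include <stddef.h>
#include <stdint.h>

struct naptr_view {               /* hypothetical result type */
    uint16_t order, preference;
    const unsigned char *str[3];  /* flags, services, regexp (not NUL-terminated) */
    uint8_t str_len[3];
    size_t replacement_off;       /* offset of the replacement name in the RDATA */
};

/* Constructed sample RDATA: order 100, preference 10, "u", "E2U+sip", "!a!b!", root */
static const unsigned char sample_rdata[] = {
    0x00, 0x64, 0x00, 0x0a, 1, 'u', 7, 'E', '2', 'U', '+', 's', 'i', 'p',
    5, '!', 'a', '!', 'b', '!', 0 };

/* Returns 0 if the rr_len bytes of NAPTR RDATA at abuf[rr_off] are well-formed,
 * -1 if any read would leave the RDATA or the RDATA would leave the packet. */
int naptr_check(const unsigned char *abuf, size_t alen,
                size_t rr_off, size_t rr_len, struct naptr_view *out)
{
    /* The declared RDATA must lie inside the packet (no overflow in the test). */
    if (rr_off > alen || rr_len > alen - rr_off)
        return -1;
    /* Smallest RDATA: two 16-bit ints, three length octets, a root name. */
    if (rr_len < 8)
        return -1;
    const unsigned char *p = abuf + rr_off, *end = p + rr_len;
    out->order = (uint16_t)((p[0] << 8) | p[1]);
    out->preference = (uint16_t)((p[2] << 8) | p[3]);
    p += 4;
    for (int i = 0; i < 3; i++) {         /* three <character-string> fields */
        if (p >= end) return -1;          /* no room for the length octet */
        uint8_t n = *p++;
        if ((size_t)(end - p) < n) return -1;
        out->str[i] = p;
        out->str_len[i] = n;
        p += n;
    }
    out->replacement_off = (size_t)(p - (abuf + rr_off));
    for (;;) {                            /* replacement: uncompressed labels */
        if (p >= end) return -1;
        uint8_t n = *p++;
        if (n == 0) break;
        /* Assumption: compression pointers (n >= 0xC0) are rejected here. */
        if (n > 63 || (size_t)(end - p) < n) return -1;
        p += n;
    }
    return p == end ? 0 : -1;             /* reject trailing bytes */
}
```

Every length taken from the packet is compared against the bytes remaining in the RDATA before the pointer advances, so a record whose declared length is too short or too long is rejected rather than read past.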
