Date: Mon, 09 Jul 2012 14:04:35 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com, David Woodhouse <dwmw2@...radead.org>, Daniel Berrange <berrange@...hat.com>, Daniel Veillard <veillard@...hat.com> Subject: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Hello Kurt, Steve, vendors, David Woodhouse reported a deficiency in the way dnsmasq, a lightweight, easy to configure DNS forwarder and DHCP server, when being run under libvirt, a library providing simple virtualization API, performed processing of packets coming outside of virtual network set for the particular guest domain. When libvirt was configured to provide a range of public IP addresses to its guest domains and dnsmasq was instructed to discard packets originating from other interfaces, than specified on the command line via the --bind-interface option, those packets (coming from 'prohibited' interfaces) were not dropped properly and subsequently processed. A remote attacker could use this flaw to cause a distributed denial of service, as demonstrated in the report  via "stream of spoofed DNS queries producing large results". References:  https://bugzilla.redhat.com/show_bug.cgi?id=833033 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.