Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-14494

Опубликовано: 02 окт. 2017
Источник: redhat
CVSS3: 6.5
CVSS2: 7.8
EPSS Средний

Описание

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.

Отчет

Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected. However, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5dnsmasqNot affected
Red Hat Enterprise Linux 6dnsmasqNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)dnsmasqNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)dnsmasqNot affected
Red Hat OpenStack Platform 10 (Newton)dnsmasqNot affected
Red Hat OpenStack Platform 11 (Ocata)dnsmasqNot affected
Red Hat OpenStack Platform 12 (Pike)dnsmasqNot affected
Red Hat OpenStack Platform 8 (Liberty)dnsmasqNot affected
Red Hat OpenStack Platform 9 (Mitaka)dnsmasqNot affected
Red Hat Enterprise Linux 7dnsmasqFixedRHSA-2017:283602.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1495412dnsmasq: information leak in the DHCPv6 relay code

EPSS

Процентиль: 94%
0.15405
Средний

6.5 Medium

CVSS3

7.8 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-14494

CVSS3: 5.9
ubuntu
около 8 лет назад

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

nvd логотип

CVE-2017-14494

CVSS3: 5.9
nvd
около 8 лет назад

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

debian логотип

CVE-2017-14494

CVSS3: 5.9
debian
около 8 лет назад

dnsmasq before 2.78, when configured as a relay, allows remote attacke ...

github логотип

GHSA-p5vm-j7g2-h6cx

CVSS3: 5.9
github
больше 3 лет назад

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

fstec логотип

BDU:2018-00110

CVSS3: 5.9
fstec
около 8 лет назад

Уязвимость DNS-сервера dnsmasq, связанная с недостатками обработки перенаправленных DHCPv6-запросов, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 94%
0.15405
Средний

6.5 Medium

CVSS3

7.8 High

CVSS2