CVE-2012-3411: Input Validation
First published: Mon Jun 18 2012(Updated: )
I just found my home ADSL line under "attack" with a constant stream of spoofed DNS queries which produce large results, such as 'ANY' requests for 'ripe.net'. I was surprised to find that my machine was actually *responding* to these queries. I have libvirt configured to give a range of public IP addresses to its guests. The target of the attack was the host's IP address on that subnet, 81.187.2.161. It seems that your dnsmasq instance is listening on that address, but *not* correctly discarding packets which come from a different interface. Even though the --bind-interface option is set. This is the command line: /sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/net3.pid --conf-file= --except-interface lo --listen-address 81.187.2.161 --dhcp-range 81.187.2.168,81.187.2.174 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/net3.leases --dhcp-lease-max=7 --dhcp-no-override I tried using '--interface virbr1' instead of '--except-interface lo', but it still seemed to answer external queries: /sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/net3.pid --conf-file= --interface virbr1 --listen-address 81.187.2.161 --dhcp-range 81.187.2.168,81.187.2.174 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/net3.leases --dhcp-lease-max=7 --dhcp-no-override
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thekelleys Dnsmasq | <=2.62 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=592634&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=592634&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c7
- http://lists.freebsd.org/pipermail/freebsd-net/2007-March/013510.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=838528
- http://www.openwall.com/lists/oss-security/2012/07/09/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c13
- http://www.openwall.com/lists/oss-security/2012/07/12/5
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=640706&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=640706&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c31
- https://brewweb.devel.redhat.com/taskinfo?taskID=5062119
- https://brewweb.devel.redhat.com/taskinfo?taskID=5062147
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c33
- http://koji.fedoraproject.org/koji/buildinfo?buildID=361763
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c37
- https://www.redhat.com/archives/libvir-list/2012-November/msg00942.html
- https://access.redhat.com/security/cve/CVE-2012-3411
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=882309
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c39
- http://libvirt.org/formatnetwork.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c59
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=904940
- https://rhn.redhat.com/errata/RHSA-2013-0277.html
- https://rhn.redhat.com/errata/RHSA-2013-0579.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c65
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c66
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=833033#c62
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi?id=833033
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
- http://rhn.redhat.com/errata/RHSA-2013-0276.html
- http://rhn.redhat.com/errata/RHSA-2013-0277.html
- http://rhn.redhat.com/errata/RHSA-2013-0579.html
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:072
- http://www.securityfocus.com/bid/54353
- http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
- agent/author
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2012-3411
- vendor/thekelleys
- canonical/thekelleys dnsmasq
- version/thekelleys dnsmasq/2.62
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0