First published: Fri Jan 11 2013
Description of problem:
On my workstation, as a virtual machine host, I have NetworkManager's dnsmasq configured to forward DNS queries for a local domain to 192.168.122.1, so I can resolve those to virtual machine DHCP hostnames. Recently this stopped working. With manual dig commands, I found that TCP queries still work, but UDP doesn't.

For example, in libvirt I have a statically defined name "vhost" to 192.168.122.1 itself. From the host, the command "dig +short +tcp @192.168.122.1 vhost" resolves that just fine. But "dig +short +notcp @192.168.122.1 vhost" says "connection timed out; no servers could be reached". From a guest, +tcp and +notcp both work fine.

Version-Release number of selected component (if applicable):
libvirt-0.9.11.8-2.fc17.x86_64, dnsmasq-2.63-1.fc17.x86_64
I also tried dnsmasq-2.65-1.fc17.x86_64 from updates-testing

How reproducible:
100%

Steps to Reproduce:
1. From the virtual machine host, try to query the libvirt dnsmasq.

Actual results:

    $ dig +short +tcp @192.168.122.1 vhost
    192.168.122.1
    $ dig +short +notcp @192.168.122.1 vhost
    ;; connection timed out; no servers could be reached

Expected results:
A positive answer from both TCP and UDP queries.

Additional info:
I suspect this is related to the fixes for [CVE-2012-3411](https://access.redhat.com/security/cve/CVE-2012-3411), but it seems weird that UDP and TCP would be treated differently.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Thekelleys Dnsmasq | <=2.65 | |