We use cookies to help us improve our webpage. Please read our Cookie Policy.

Synology-SA-17:59 Dnsmasq

Publish Time: 2017-10-03 16:31:53 UTC+8

Last Updated: 2018-01-12 15:32:23 UTC+8

Severity
Critical
Status
Resolved

Abstract

Multiple security vulnerabilities have been found in Dnsmasq, and may allow remote attackers to execute arbitrary codes, cause denial-of-service attack, or retrieve sensitive information from a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).

These vulnerabilities do not affect Synology DiskStation Manager (DSM) on devices without a Wi-Fi dongle installed.

Severity

Affected

  • Products

    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
    • SRM 1.1
  • Models

    • All Synology models

Description

  • CVE-2017-14491
    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
  • CVE-2017-14492
    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
  • CVE-2017-14493
    Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
  • CVE-2017-14494
    dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
  • CVE-2017-14495
    Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
  • CVE-2017-14496
    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
  • CVE-2017-13704
    In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Mitigation

For an immediate workaround, please contact us at security@synology.com.

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.3-15152-6 or above, DSM 6.0 to CVE-2017-13078 or above and SRM 1.1 to 1.1.5-6542-2 or above.

For DSM 5.2 please update DSM to 6.0.3-8754-6 or above.

Reference