CVE-2006-2017
published 2006-04-25
CVE-2006-2017: Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
Priority P415, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 1.80% (75.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.30-1 (bookworm) | dnsmasq 2.30-1 (bookworm) |
| dnsmasq | dnsmasq | — | — |
| thekelleys | dnsmasq | >= 0 < 2.30-1 | 2.30-1 |
| thekelleys | dnsmasq | >= 0 < 2.30-1 | 2.30-1 |
| thekelleys | dnsmasq | >= 0 < 2.30-1 | 2.30-1 |
| thekelleys | dnsmasq | >= 0 < 2.30-1 | 2.30-1 |
CVSS provenance
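| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_debian | — | 5.0 | MEDIUM | — |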
GHSA
GHSA-c65g-3xxp-xxjh: Dnsmasq 2
ghsa_unreviewed·2022-05-01
CVE-2006-2017 [MEDIUM] GHSA-c65g-3xxp-xxjh: Dnsmasq 2
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
OSV
CVE-2006-2017: Dnsmasq 2
osv·2006-04-25·CVSS 5.0
CVE-2006-2017 [MEDIUM] CVE-2006-2017: Dnsmasq 2
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
Red Hat
glibc: Buffer overflow triggerable via LD_LIBRARY_PATH
vendor_redhat·2017-12-11·CVSS 7.8
CVE-2017-1000409 [HIGH] CWE-120 glibc: Buffer overflow triggerable via LD_LIBRARY_PATH
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Statement: This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5, 6 and 7 after CVE-2017-1000366 fix:
https://access.redhat.com/security/cve/cve-2017-1000366
Package: compat-glibc (Red Hat Enterprise Linux 5) - Not affected
Package: glibc (Red Hat Enterprise Linux 5) - Not affected
Package: compat-glibc (Red Hat Enterprise Linux 6) - Not affected
Package: glibc (Red Hat Enterprise Linux 6) - Not affected
Package: compat-glibc (Red Hat Enterprise Linux 7) -
Red Hat
openssl: Malformed X.509 IPAddressFamily could cause OOB read
vendor_redhat·2017-08-28·CVSS 5.3
CVE-2017-3735 [MEDIUM] CWE-125 openssl: Malformed X.509 IPAddressFamily could cause OOB read
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Statement: This flaw only exhibits itself when:
1. OpenSSL is used to display details of a local or a remote certificate.
2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.
The maximum impact of this flaw is garbled information being displayed; there is no impact on the availability of a service using such a certificate. Also, this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated
Debian
CVE-2006-2017: dnsmasq - Dnsmasq 2.29 allows remote attackers to cause a denial of service (application c...
vendor_debian·2006·CVSS 5.0
CVE-2006-2017 [MEDIUM] CVE-2006-2017: dnsmasq - Dnsmasq 2.29 allows remote attackers to cause a denial of service (application c...
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
Scope: local
bookworm: resolved (fixed in 2.30-1)
bullseye: resolved (fixed in 2.30-1)
forky: resolved (fixed in 2.30-1)
sid: resolved (fixed in 2.30-1)
trixie: resolved (fixed in 2.30-1)
No detection rules found.
Exploit-DB
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
exploitdb·2017-12-13·CVSS 7.8
CVE-2017-1000409 [HIGH] GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
---
Qualys Security Advisory
Buffer overflow in glibc's ld.so
Contents
Summary
Memory Leak
Buffer Overflow
Exploitation
Acknowledgments
Summary
We have discovered a memory leak and a buffer overflow in the dynamic
loader (ld.so) of the GNU C Library (glibc):
- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1
(released on May 24, 1999) and can be reached and amplified through
the LD_HWCAP_MASK environment variable;
- the buffer overflow (CVE-2017-1000409) first appeared in glibc 2.5
(released on September 29, 2006) and can be triggered through the
LD_LIBRARY_PATH environment variable.
Further investigation showed that:
- the buffer overflow is not exploitable if
/proc/sys/fs/protected_hardl
Exploit-DB
OpenSSL 1.1.0 - Remote Client Denial of Service
exploitdb·2017-01-26·CVSS 7.5
CVE-2017-3730 [HIGH] OpenSSL 1.1.0 - Remote Client Denial of Service
---
// Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/
http://secunia.com/advisories/19760
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.osvdb.org/24884
http://www.securityfocus.com/bid/17662
http://www.vupen.com/english/advisories/2006/1494
https://exchange.xforce.ibmcloud.com/vulnerabilities/26005