oss-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq

From: Michael Orlitzky <michael () orlitzky com>
Date: Mon, 27 Oct 2025 17:40:00 -0400

On 2025-10-27 19:21:54, Moritz Mühlenhoff wrote:

On Mon, Oct 27, 2025 at 09:34:03AM -0700, Alan Coopersmith wrote:

Among the new CVE's published this weekend were these from the VulDB CNA:

For all three bugs, the documented "exploit" requires "Replace the default
configuration file (/etc/dnsmasq.conf) with the provided malicious file."
and if you can replace the server's configuration file you don't need to
play games with putting invalid contents in to break the parser, but can
simply change the configuration directly.


The same nonsense also happened for the Kamailio SIP server (CVE-2025-12204,
CVE-2025-12205, CVE-2025-12206 and CVE-2025-12207).


Config parser exploits are not necessarily bogus. The admin might
allow group/ACL edits to the configuration files knowing that it
allows group members to torch the service in question, while, at the
same time, not trusting those group members to execute arbitrary
commands as root.

If the daemon is launched as an unprivileged user (before reading the
config file) the risk is minimized, but often that isn't the case when
you want to bind to privileged ports or read private keys that are
defined in the config file.

Current thread:

Re: Questionable CVE's reported against dnsmasq, (continued)
- - - Re: Questionable CVE's reported against dnsmasq Sebastian Pipping (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Matthew Fernandez (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Eli Schwartz (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Stuart Henderson (Oct 28)
    - Re: Questionable CVE's reported against dnsmasq Salvatore Bonaccorso (Oct 29)
    - Re: Questionable CVE's reported against dnsmasq Petr Menšík (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Sebastian Pipping (Oct 31)
  - Re: Questionable CVE's reported against dnsmasq Jeffrey Walton (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Moritz Mühlenhoff (Oct 27)
  - Re: Questionable CVE's reported against dnsmasq Collin Funk (Oct 27)
  - Re: Questionable CVE's reported against dnsmasq Michael Orlitzky (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Hank Leininger (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Douglas Bagnall (Oct 29)
    - Re: Questionable CVE's reported against dnsmasq Art Manion (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Art Manion (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Russ Allbery (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Collin Funk (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Jeremy Stanley (Nov 02)

(Thread continues...)