Linux Security
    Linux Security
    Linux Security

    ArchLinux: 202004-24: libmicrodns: multiple issues

    Date
    161
    Posted By
    The package libmicrodns before version 0.1.2-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.
    Arch Linux Security Advisory ASA-202004-24
    ==========================================
    
    Severity: Critical
    Date    : 2020-04-30
    CVE-ID  : CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
              CVE-2020-6078 CVE-2020-6079 CVE-2020-6080
    Package : libmicrodns
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1136
    
    Summary
    =======
    
    The package libmicrodns before version 0.1.2-1 is vulnerable to
    multiple issues including arbitrary code execution, denial of service
    and information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 0.1.2-1.
    
    # pacman -Syu "libmicrodns>=0.1.2-1"
    
    The problems have been fixed upstream in version 0.1.2.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6071 (denial of service)
    
    An exploitable denial-of-service vulnerability exists in the resource
    record-parsing functionality of Videolabs libmicrodns 0.1.0. When
    parsing compressed labels in mDNS messages, the compression pointer is
    followed without checking for recursion, leading to a denial of
    service. An attacker can send an mDNS message to trigger this
    vulnerability.
    
    - CVE-2020-6072 (arbitrary code execution)
    
    An exploitable code execution vulnerability exists in the label-parsing
    functionality of Videolabs libmicrodns 0.1.0. When parsing compressed
    labels in mDNS messages, the rr_decode function's return value is not
    checked, leading to a double free that could be exploited to execute
    arbitrary code. An attacker can send an mDNS message to trigger this
    vulnerability.
    
    - CVE-2020-6073 (information disclosure)
    
    An exploitable denial-of-service vulnerability exists in the TXT
    record-parsing functionality of Videolabs libmicrodns 0.1.0. When
    parsing the RDATA section in a TXT record in mDNS messages, multiple
    integer overflows can be triggered, leading to a denial of service. An
    attacker can send an mDNS message to trigger this vulnerability.
    
    - CVE-2020-6077 (information disclosure)
    
    An exploitable denial-of-service vulnerability exists in the message-
    parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS
    messages, the implementation does not properly keep track of the
    available data in the message, possibly leading to an out-of-bounds
    read that would result in a denial of service. An attacker can send an
    mDNS message to trigger this vulnerability.
    
    - CVE-2020-6078 (denial of service)
    
    An exploitable denial-of-service vulnerability exists in the message-
    parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS
    messages in mdns_recv, the return value of the mdns_read_header
    function is not checked, leading to an uninitialized variable usage
    that eventually results in a null pointer dereference, leading to
    service crash. An attacker can send a series of mDNS messages to
    trigger this vulnerability.
    
    - CVE-2020-6079 (denial of service)
    
    Multiple exploitable denial-of-service vulnerabilities exist in the
    resource allocation handling of Videolabs libmicrodns 0.1.0. When
    encountering errors while parsing mDNS messages, some allocated data is
    not freed, possibly leading to a denial-of-service condition via
    resource exhaustion. An attacker can send one mDNS message repeatedly
    to trigger these vulnerabilities.
    
    - CVE-2020-6080 (denial of service)
    
    Multiple exploitable denial-of-service vulnerabilities exist in the
    resource allocation handling of Videolabs libmicrodns 0.1.0. When
    encountering errors while parsing mDNS messages, some allocated data is
    not freed, possibly leading to a denial-of-service condition via
    resource exhaustion. An attacker can send one mDNS message repeatedly
    to trigger these vulnerabilities.
    
    Impact
    ======
    
    A remote attacker can provide crafted DNS responses to crash the
    service, disclose data or execute arbitrary code.
    
    References
    ==========
    
    https://github.com/videolabs/libmicrodns/releases/tag/0.1.1
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
    https://github.com/videolabs/libmicrodns/commit/0103f40371cd6e5f034d1ea5674cd33316fef518
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
    https://github.com/videolabs/libmicrodns/commit/219b180c3cea9ad674a5512412fbd75592f61aa7
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
    https://github.com/videolabs/libmicrodns/commit/f0e8a723ef2d0a7ef9e200a8fd7c561d4695c5cf
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
    https://github.com/videolabs/libmicrodns/commit/80860fad7e046959b730a0e37fd8d6ad955682ec
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
    https://github.com/videolabs/libmicrodns/commit/4fb18284bea9a4f5eaf7745d72965b9b24e27d61
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
    https://github.com/videolabs/libmicrodns/commit/9768bdbeb8ea6b7849a97af4362d1b5184352cee
    https://security.archlinux.org/CVE-2020-6071
    https://security.archlinux.org/CVE-2020-6072
    https://security.archlinux.org/CVE-2020-6073
    https://security.archlinux.org/CVE-2020-6077
    https://security.archlinux.org/CVE-2020-6078
    https://security.archlinux.org/CVE-2020-6079
    https://security.archlinux.org/CVE-2020-6080
    

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.