Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
Am 08.10.18 um 03:58 schrieb Mouath Ibrahim: > Hello, > > I ran the PoC supplied by Google research team found here: https://github.com/ > google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ > CVE-2017-14495.py > > and noticed immediately that dnsmasq process uses up 100% CPU usage and stops > responding to queries short after based on the original CVE the effect was > high memory usage but in this cause it was not. > > note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id or > --add-subnet". Can't reproduce on 2.79 with add-subnet=24,96 in the conf file. While the attack is ongoing, dnsmasq is slow to respond (seconds), but returns to normal once I terminate the .py script. I don't see a denial of service. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
Am 09.10.18 um 10:45 schrieb Mouath Ibrahim: > > dnsmasq couldn't resolve anything and eventually i had to stop it. cpu > overheats quick. If your CPU "overheats", you have hardware and system design issues, and you need to fix those first independently. First thing to do is make sure your system survives the prime95/mprime torture test for many hours before testing anything else. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
On Monday, October 8, 2018 2:24:59 AM CDT Kevin Darbyshire-Bryant wrote: > > On 8 Oct 2018, at 02:58, Mouath Ibrahim wrote: > > > > Hello, > > > > I ran the PoC supplied by Google research team found here: > > https://github.com/ > > google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ > > CVE-2017-14495.py > > > > and noticed immediately that dnsmasq process uses up 100% CPU usage and > > stops responding to queries short after based on the original CVE the > > effect was high memory usage but in this cause it was not. > > > > note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id > > or --add-subnet". > > > > Regards, > > Mouath Ibrahim > > I am unable to reproduce. Against which version/s of dnsmasq did you try? > > > Cheers, > > Kevin D-B > > 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A I'm using 2.79 on arch linux machine with an i5 @ 2.53GHz and a patched version from the Pi-Hole team v4.0 that is a forked from 2.79, this one is running on my raspberry pi 3 I've also tested it on a manjaro linux and ended up crashing kde for me, something with the bus could be not related. I mainly run unbound as a recursive resolver so I thought that could be the cause but it wasn't. I set up both machines (pi and arch) to use 8.8.8.8 and 1.1.1.1 as upstream and ran 3rd on my desktop to forward queries to both of them. dnsmasq couldn't resolve anything and eventually i had to stop it. cpu overheats quick. wish I can give more details, but I'm no expert. Mouath ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
> On 8 Oct 2018, at 02:58, Mouath Ibrahim wrote: > > Hello, > > I ran the PoC supplied by Google research team found here: https://github.com/ > google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ > CVE-2017-14495.py > > and noticed immediately that dnsmasq process uses up 100% CPU usage and stops > responding to queries short after based on the original CVE the effect was > high memory usage but in this cause it was not. > > note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id or > --add-subnet". > > Regards, > Mouath Ibrahim I am unable to reproduce. Against which version/s of dnsmasq did you try? Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
Hello, I ran the PoC supplied by Google research team found here: https://github.com/ google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/ CVE-2017-14495.py and noticed immediately that dnsmasq process uses up 100% CPU usage and stops responding to queries short after based on the original CVE the effect was high memory usage but in this cause it was not. note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id or --add-subnet". Fun note: run a local dnsmasq and set upstream to multiple dnsmasq servers, local dnsmasq will forward these queries and cause the same effect dnsmasq: forwarded query to 10.0.0.20 dnsmasq: forwarded query to 10.0.0.7 dnsmasq: forwarded query to 10.0.0.25 dnsmasq: forwarded query to 10.0.0.20 dnsmasq: forwarded query to 10.0.0.7 dnsmasq: forwarded query to 10.0.0.25 Regards, Mouath Ibrahim ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
