Wednesday, January 17, 2018

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability

Overview

Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. 

Details

Discovered by Claudio Bozzato, Yves Younan, Lilith Wyatt, and Aleksandar Nikolic of Cisco Talos.


TALOS-2017-0486 / CVE-2017-12130 is a NULL pointer dereference vulnerability in the tinysvcmdns library. The vulnerability lies in the way that tinysvcmdns parses labels in DNS requests. This issue results in a NULL pointer, which when dereferenced results in a denial of service. An attacker could trigger this vulnerability by sending a specially crafted DNS query. Full details of the vulnerability are available here.

Coverage

The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rule: 44986

No comments:

Post a Comment