Monday, March 23, 2020

Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also
develop libmicrodns, a library which is used by VLC media player for mDNS services discovery. The libmicrodns library contains multiple vulnerabilities that could allow attackers to carry out a variety of malicious actions, including causing a denial of service and gaining the ability to execute arbitrary code.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Videolabs to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability (TALOS-2020-0994/CVE-2020-6071)

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability (TALOS-2020-0995/CVE-2020-6072)

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the `rr_decode` function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Videolabs libmicrodns 0.1.0 TXT record RDATA-parsing denial-of-service vulnerability (TALOS-2020-0996/CVE-2020-6073)

An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability (TALOS-2020-1000/CVE-2020-6077)

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Videolabs libmicrodns 0.1.0 mdns_recv return value denial-of-service vulnerability (TALOS-2020-1001/CVE-2020-6078)

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in `mdns_recv`, the return value of the `mdns_read_header` function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities (TALOS-2020-1002/CVE-2020-6079 and CVE-2020-6080)

Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger these vulnerabilities.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that Videolabs libmicrodns, version 0.1.0, is affected by these vulnerabilities.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 47811, 53071, 53046, 53099, 53102, 53103

No comments:

Post a Comment