Bug 1988342 (CVE-2021-3672) - CVE-2021-3672 c-ares: Missing input validation of host names may lead to domain hijacking
Summary: CVE-2021-3672 c-ares: Missing input validation of host names may lead to doma...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3672
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1989425 1989426 1989427 1989429 1992221 1992222 1994398 1994399 1994400 1994401 1994942 1994943 1994963 1995019 1995020 2014523
Blocks: 1988343 1988352
TreeView+ depends on / blocked
 
Reported: 2021-07-30 10:36 UTC by Marian Rehak
Modified: 2022-05-17 09:58 UTC (History)
16 users (show)

Fixed In Version: c-ares 1.17.2
Clone Of:
Environment:
Last Closed: 2021-08-26 15:34:55 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:3400 0 None None None 2021-08-31 20:51:18 UTC
Red Hat Product Errata RHBA-2021:3478 0 None None None 2021-09-09 12:32:58 UTC
Red Hat Product Errata RHBA-2021:4731 0 None None None 2021-11-18 10:45:09 UTC
Red Hat Product Errata RHSA-2021:3280 0 None None None 2021-08-26 10:18:51 UTC
Red Hat Product Errata RHSA-2021:3281 0 None None None 2021-08-26 10:15:24 UTC
Red Hat Product Errata RHSA-2021:3623 0 None None None 2021-09-21 13:12:23 UTC
Red Hat Product Errata RHSA-2021:3638 0 None None None 2021-09-22 09:00:51 UTC
Red Hat Product Errata RHSA-2021:3639 0 None None None 2021-09-22 08:51:34 UTC
Red Hat Product Errata RHSA-2021:3666 0 None None None 2021-09-27 07:29:01 UTC
Red Hat Product Errata RHSA-2022:2043 0 None None None 2022-05-10 15:07:22 UTC

Description Marian Rehak 2021-07-30 10:36:18 UTC 
Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking).
Comment 15 Guilherme de Almeida Suckevicz 2021-08-10 18:20:48 UTC 
Created c-ares tracking bugs for this issue:

Affects: fedora-all [bug 1992221]


Created mingw-c-ares tracking bugs for this issue:

Affects: fedora-all [bug 1992222]
Comment 16 Tomas Hoger 2021-08-12 08:36:41 UTC 
c-ares upstream advisory:

https://c-ares.haxx.se/adv_20210810.html

Patch linked form the above upstream advisory:

https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch
Comment 20 errata-xmlrpc 2021-08-26 10:15:21 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:3281 https://access.redhat.com/errata/RHSA-2021:3281
Comment 21 errata-xmlrpc 2021-08-26 10:18:49 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:3280 https://access.redhat.com/errata/RHSA-2021:3280
Comment 22 Product Security DevOps Team 2021-08-26 15:34:55 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3672
Comment 23 errata-xmlrpc 2021-09-21 13:12:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3623 https://access.redhat.com/errata/RHSA-2021:3623
Comment 24 errata-xmlrpc 2021-09-22 08:51:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3639 https://access.redhat.com/errata/RHSA-2021:3639
Comment 25 errata-xmlrpc 2021-09-22 09:00:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3638 https://access.redhat.com/errata/RHSA-2021:3638
Comment 26 errata-xmlrpc 2021-09-27 07:28:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3666 https://access.redhat.com/errata/RHSA-2021:3666
Comment 27 gkamathe 2021-12-14 13:43:23 UTC 
Attack Complexity has been rated as high because an attacker would either need to have a legitimate DNS server under his control which have the malicious records with zero-bytes or trick the user into querying another rogue DNS server
Comment 28 errata-xmlrpc 2022-05-10 15:07:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2043 https://access.redhat.com/errata/RHSA-2022:2043
Note You need to log in before you can comment on or make changes to this bug.