Bug 1988342 (CVE-2021-3672) - CVE-2021-3672 c-ares: Missing input validation of host names may lead to domain hijacking
Summary: CVE-2021-3672 c-ares: Missing input validation of host names may lead to doma...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3672
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1989425 1989426 1989427 1989429 1992221 1992222 1994398 1994399 1994400 1994401 1994942 1994943 1994963 1995019 1995020 2014523
Blocks: 1988343 1988352
TreeView+ depends on / blocked
 
Reported: 2021-07-30 10:36 UTC by Marian Rehak
Modified: 2022-05-17 09:58 UTC (History)
16 users (show)

Fixed In Version: c-ares 1.17.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-08-26 15:34:55 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:3400 0 None None None 2021-08-31 20:51:18 UTC
Red Hat Product Errata RHBA-2021:3478 0 None None None 2021-09-09 12:32:58 UTC
Red Hat Product Errata RHBA-2021:4731 0 None None None 2021-11-18 10:45:09 UTC
Red Hat Product Errata RHSA-2021:3280 0 None None None 2021-08-26 10:18:51 UTC
Red Hat Product Errata RHSA-2021:3281 0 None None None 2021-08-26 10:15:24 UTC
Red Hat Product Errata RHSA-2021:3623 0 None None None 2021-09-21 13:12:23 UTC
Red Hat Product Errata RHSA-2021:3638 0 None None None 2021-09-22 09:00:51 UTC
Red Hat Product Errata RHSA-2021:3639 0 None None None 2021-09-22 08:51:34 UTC
Red Hat Product Errata RHSA-2021:3666 0 None None None 2021-09-27 07:29:01 UTC
Red Hat Product Errata RHSA-2022:2043 0 None None None 2022-05-10 15:07:22 UTC

Description Marian Rehak 2021-07-30 10:36:18 UTC
Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking).

Comment 15 Guilherme de Almeida Suckevicz 2021-08-10 18:20:48 UTC
Created c-ares tracking bugs for this issue:

Affects: fedora-all [bug 1992221]


Created mingw-c-ares tracking bugs for this issue:

Affects: fedora-all [bug 1992222]

Comment 16 Tomas Hoger 2021-08-12 08:36:41 UTC
c-ares upstream advisory:

https://c-ares.haxx.se/adv_20210810.html

Patch linked form the above upstream advisory:

https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch

Comment 20 errata-xmlrpc 2021-08-26 10:15:21 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:3281 https://access.redhat.com/errata/RHSA-2021:3281

Comment 21 errata-xmlrpc 2021-08-26 10:18:49 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:3280 https://access.redhat.com/errata/RHSA-2021:3280

Comment 22 Product Security DevOps Team 2021-08-26 15:34:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3672

Comment 23 errata-xmlrpc 2021-09-21 13:12:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3623 https://access.redhat.com/errata/RHSA-2021:3623

Comment 24 errata-xmlrpc 2021-09-22 08:51:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3639 https://access.redhat.com/errata/RHSA-2021:3639

Comment 25 errata-xmlrpc 2021-09-22 09:00:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3638 https://access.redhat.com/errata/RHSA-2021:3638

Comment 26 errata-xmlrpc 2021-09-27 07:28:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3666 https://access.redhat.com/errata/RHSA-2021:3666

Comment 27 gkamathe 2021-12-14 13:43:23 UTC
Attack Complexity has been rated as high because an attacker would either need to have a legitimate DNS server under his control which have the malicious records with zero-bytes or trick the user into querying another rogue DNS server

Comment 28 errata-xmlrpc 2022-05-10 15:07:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2043 https://access.redhat.com/errata/RHSA-2022:2043


Note You need to log in before you can comment on or make changes to this bug.