Via OSS-sec:


Date: Mon, 09 Jul 2012
From: Jan Lieskovsky
Reply-To: oss-security


Hello Kurt, Steve, vendors,

  David Woodhouse reported a deficiency in the way dnsmasq,
a lightweight, easy to configure DNS forwarder and DHCP server,
when being run under libvirt, a library providing simple
virtualization API, performed processing of packets coming
outside of virtual network set for the particular guest domain.

  When libvirt was configured to provide a range of public
IP addresses to its guest domains and dnsmasq was instructed
to discard packets originating from other interfaces, than
specified on the command line via the --bind-interface option,
those packets (coming from 'prohibited' interfaces) were not
dropped properly and subsequently processed.

  A remote attacker could use this flaw to cause a distributed
denial of service, as demonstrated in the report [1] via "stream
of spoofed DNS queries producing large results".

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=833033

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team