*** This bug is a security vulnerability ***
Private security bug reported:
Haw Loeung reports the follow issue in dnsmasq
ubuntu@instance-lcy01:~$ host www.googleapis.com
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
www.googleapis.com is an alias for googleapis.l.google.com.
ubuntu@instance-lcy01:$ grep nameserver /etc/resolv.conf
nameserver 10.55.60.1
ubuntu@instance-lcy02:~$ host www.googleapis.com
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
www.googleapis.com is an alias for googleapis.l.google.com.
ubuntu@instance-lcy02:~$ grep nameserver /etc/resolv.conf
nameserver 10.55.32.1
[hloeung@silver ~]$ host www.googleapis.com 10.55.32.1 | grep Warning
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.60.1 | grep Warning
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.3
[hloeung@silver ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.3
Candidate: 2.59-4ubuntu0.3
Version table:
*** 2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
[hloeung@silver ~]$ dig +tcp a www.googleapis.com @10.55.32.1
;; Warning: Message parser reports malformed message packet.
...
;; WARNING: Messages has 109 extra bytes at end
...
;; MSG SIZE rcvd: 157
[hloeung@silver ~]$ sudo strace -f -p 2418 -s 10240000 2>&1 | grep googleapis
-B3 -A3
[pid 11479] getpeername(10, {sa_family=AF_INET, sin_port=htons(33976),
sin_addr=inet_addr("10.55.32.1")}, [16]) = 0
[pid 11479] read(10, "\0", 1) = 1
[pid 11479] read(10, "$", 1) = 1
[pid 11479] read(10,
"\334r\1\0\0\1\0\0\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1", 36) = 36
[pid 11479] write(10, "\0", 1) = 1
[pid 11479] write(10, "\235", 1) = 1
[pid 11479] write(10,
"\334r\201\200\0\1\0\6\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1\300\f\0\5\0\1\0\0\10\2\0\35\ngoogleapis.\1l.\6google.\3com\0\0\3000\0\1\0\1\0\0\0%\0\4\330:\301J\3000\0\1\0\1\0\0\0%\0\4\254\331\3\312\3000\0\1\0\1\0\0\0%\0\4\254\331\3\252\3000\0\1\0\1\0\0\0%\0\4\330:\330\252\3000\0\1\0\1\0\0\0%\0\4\330:\330\212",
157) = 157
[pid 11479] read(10, "", 1) = 0
[pid 11479] shutdown(10, 2 /* send and receive */) = 0
[pid 11479] close(10) = 0
--
[pid 11491] getpeername(10, {sa_family=AF_INET, sin_port=htons(54452),
sin_addr=inet_addr("10.55.32.1")}, [16]) = 0
[pid 11491] read(10, "\0", 1) = 1
[pid 11491] read(10, "$", 1) = 1
[pid 11491] read(10,
"\352t\1\0\0\1\0\0\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1", 36) = 36
[pid 11491] write(10, "\0", 1) = 1
[pid 11491] write(10, "\235", 1) = 1
[pid 11491] write(10,
"\352t\201\200\0\1\0\6\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1\300\f\0\5\0\1\0\0\10\1\0\35\ngoogleapis.\1l.\6google.\3com\0\0\3000\0\1\0\1\0\0\0$\0\4\330:\301J\3000\0\1\0\1\0\0\0$\0\4\254\331\3\312\3000\0\1\0\1\0\0\0$\0\4\254\331\3\252\3000\0\1\0\1\0\0\0$\0\4\330:\330\252\3000\0\1\0\1\0\0\0$\0\4\330:\330\212",
157) = 157
[pid 11491] read(10, "", 1) = 0
[pid 11491] shutdown(10, 2 /* send and receive */) = 0
[pid 11491] close(10) = 0
^C
157 bytes (= 157 from strace)
Junien has also seen this with a tcpdump:
https://pastebin.canonical.com/204043/
For now, I've downgraded to dnsmasq-base to 2.59-4ubuntu0.2:
[hloeung@silver ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.2
Candidate: 2.59-4ubuntu0.3
Version table:
2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
*** 2.59-4ubuntu0.2 0
500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
100 /var/lib/dpkg/status
[hloeung@dziban ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.2
Candidate: 2.59-4ubuntu0.3
Version table:
2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
*** 2.59-4ubuntu0.2 0
500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
100 /var/lib/dpkg/status
** Affects: dnsmasq (Ubuntu)
Importance: Medium
Assignee: Leonidas S. Barbosa (leosilvab)
Status: In Progress
** Changed in: dnsmasq (Ubuntu)
Status: New => In Progress
** Information type changed from Public to Private Security
** Changed in: dnsmasq (Ubuntu)
Importance: Undecided => Medium
** Changed in: dnsmasq (Ubuntu)
Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1741262
Title:
regression in dnsmasq breaks DNS resolution for precise ESM
Status in dnsmasq package in Ubuntu:
In Progress
Bug description:
Haw Loeung reports the follow issue in dnsmasq
ubuntu@instance-lcy01:~$ host www.googleapis.com
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
www.googleapis.com is an alias for googleapis.l.google.com.
ubuntu@instance-lcy01:$ grep nameserver /etc/resolv.conf
nameserver 10.55.60.1
ubuntu@instance-lcy02:~$ host www.googleapis.com
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
www.googleapis.com is an alias for googleapis.l.google.com.
ubuntu@instance-lcy02:~$ grep nameserver /etc/resolv.conf
nameserver 10.55.32.1
[hloeung@silver ~]$ host www.googleapis.com 10.55.32.1 | grep Warning
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@silver ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.60.1 | grep Warning
;; Warning: Message parser reports malformed message packet.
;; Warning: Message parser reports malformed message packet.
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ host www.googleapis.com 10.55.59.1 | grep Warning
[hloeung@dziban ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.3
[hloeung@silver ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.3
Candidate: 2.59-4ubuntu0.3
Version table:
*** 2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
[hloeung@silver ~]$ dig +tcp a www.googleapis.com @10.55.32.1
;; Warning: Message parser reports malformed message packet.
...
;; WARNING: Messages has 109 extra bytes at end
...
;; MSG SIZE rcvd: 157
[hloeung@silver ~]$ sudo strace -f -p 2418 -s 10240000 2>&1 | grep googleapis
-B3 -A3
[pid 11479] getpeername(10, {sa_family=AF_INET, sin_port=htons(33976),
sin_addr=inet_addr("10.55.32.1")}, [16]) = 0
[pid 11479] read(10, "\0", 1) = 1
[pid 11479] read(10, "$", 1) = 1
[pid 11479] read(10,
"\334r\1\0\0\1\0\0\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1", 36) = 36
[pid 11479] write(10, "\0", 1) = 1
[pid 11479] write(10, "\235", 1) = 1
[pid 11479] write(10,
"\334r\201\200\0\1\0\6\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1\300\f\0\5\0\1\0\0\10\2\0\35\ngoogleapis.\1l.\6google.\3com\0\0\3000\0\1\0\1\0\0\0%\0\4\330:\301J\3000\0\1\0\1\0\0\0%\0\4\254\331\3\312\3000\0\1\0\1\0\0\0%\0\4\254\331\3\252\3000\0\1\0\1\0\0\0%\0\4\330:\330\252\3000\0\1\0\1\0\0\0%\0\4\330:\330\212",
157) = 157
[pid 11479] read(10, "", 1) = 0
[pid 11479] shutdown(10, 2 /* send and receive */) = 0
[pid 11479] close(10) = 0
--
[pid 11491] getpeername(10, {sa_family=AF_INET, sin_port=htons(54452),
sin_addr=inet_addr("10.55.32.1")}, [16]) = 0
[pid 11491] read(10, "\0", 1) = 1
[pid 11491] read(10, "$", 1) = 1
[pid 11491] read(10,
"\352t\1\0\0\1\0\0\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1", 36) = 36
[pid 11491] write(10, "\0", 1) = 1
[pid 11491] write(10, "\235", 1) = 1
[pid 11491] write(10,
"\352t\201\200\0\1\0\6\0\0\0\0\3www\ngoogleapis\3com\0\0\1\0\1\300\f\0\5\0\1\0\0\10\1\0\35\ngoogleapis.\1l.\6google.\3com\0\0\3000\0\1\0\1\0\0\0$\0\4\330:\301J\3000\0\1\0\1\0\0\0$\0\4\254\331\3\312\3000\0\1\0\1\0\0\0$\0\4\254\331\3\252\3000\0\1\0\1\0\0\0$\0\4\330:\330\252\3000\0\1\0\1\0\0\0$\0\4\330:\330\212",
157) = 157
[pid 11491] read(10, "", 1) = 0
[pid 11491] shutdown(10, 2 /* send and receive */) = 0
[pid 11491] close(10) = 0
^C
157 bytes (= 157 from strace)
Junien has also seen this with a tcpdump:
https://pastebin.canonical.com/204043/
For now, I've downgraded to dnsmasq-base to 2.59-4ubuntu0.2:
[hloeung@silver ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.2
Candidate: 2.59-4ubuntu0.3
Version table:
2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
*** 2.59-4ubuntu0.2 0
500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
100 /var/lib/dpkg/status
[hloeung@dziban ~]$ apt-cache policy dnsmasq-base
dnsmasq-base:
Installed: 2.59-4ubuntu0.2
Candidate: 2.59-4ubuntu0.3
Version table:
2.59-4ubuntu0.3 0
500 https://esm.ubuntu.com/ubuntu/ precise/main amd64 Packages
*** 2.59-4ubuntu0.2 0
500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1741262/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
