CVE-2017-9103
📋 TL;DR
CVE-2017-9103 is a memory corruption vulnerability in the adns DNS resolver library, where improper validation in the pap_mailbox822 function allows uninitialized stack values to be used. This can lead to crashes, memory leaks, excessive memory allocation, or potential buffer overflows. Only applications making non-raw queries for SOA or RP records are affected.
💻 Affected Systems
- adns DNS resolver library
📦 What is this software?
Fedora by Fedoraproject
Leap by Opensuse
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, though this would require specific memory layout conditions
Likely Case
Denial of service through application crashes or memory exhaustion
If Mitigated
Limited impact with proper input validation and memory protections
🎯 Exploit Status
Exploitation requires specific conditions and memory layout, making reliable exploitation challenging
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.2 and later
Vendor Advisory: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git
Restart Required: Yes
Instructions:
1. Download adns 1.5.2 or later from the official repository.
2. Compile and install the updated version.
3. Restart any services using the adns library.
🔧 Temporary Workarounds
Disable SOA/RP queries
all: Configure applications to avoid making non-raw SOA or RP record queries
Use alternative DNS resolver
linux: Replace adns with a different DNS resolver library that is not vulnerable
🧯 If You Can't Patch
- Implement strict input validation for DNS queries in applications
- Use memory protection mechanisms like ASLR and stack canaries
🔍 How to Verify
Check if Vulnerable:
Check the adns version: 'adns version' should show the version number. Versions before 1.5.2 are vulnerable.
Check Version:
adns version 2>&1 | grep -i version || dpkg -l | grep adns || rpm -qa | grep adns
Verify Fix Applied:
Verify installed adns version is 1.5.2 or later using 'adns version' or package manager query
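The version rule above (anything before 1.5.2 is affected) applied to package-manager output, as an added example that is not part of the original advisory or of adns itself. The function names and the sample inventory are constructed for illustration; the input format assumed is one "name version" pair per line.

```shell
#!/bin/sh
# Added example: flag adns packages older than the fixed release named on this page.
FIXED="1.5.2"

# Strip a distro epoch ("1:") and the trailing "-release" part,
# leaving the upstream adns version.
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-[^-]*$//'
}

# Exit status 0 when the upstream version is older than FIXED.
is_affected() {
    v=$(upstream_version "$1")
    if [ "$v" = "$FIXED" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$oldest" = "$v" ]
}

# Read "name version" lines on stdin; print the adns packages that are affected.
scan_inventory() {
    while read -r name version; do
        case "$name" in
            *adns*) ;;
            *) continue ;;
        esac
        if is_affected "$version"; then
            printf '%s %s\n' "$name" "$version"
        fi
    done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
libadns1 1.5.0~rc1-1.1
adns 1.5.1-3.fc31
bind-utils 9.11.4-1
adns 1.5.2-1
libadns1 1:1.6.0-2
EOF
}

sample_inventory | scan_inventory
```

On a real host, feed `scan_inventory` from `dpkg-query -W -f='${Package} ${Version}\n'` or `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`. Distributions can backport fixes without changing the upstream version number, so confirm any hit against the distribution's own advisory.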
📡 Detection & Monitoring
Log Indicators:
- Application crashes related to DNS resolution
- Memory allocation errors in DNS-related processes
Network Indicators:
- Unusual volume of SOA or RP DNS queries
- DNS query patterns targeting vulnerable applications
SIEM Query:
source="application_logs" AND ("adns" OR "DNS resolution") AND ("crash" OR "segmentation fault" OR "memory allocation")
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html
- http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git
- http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/
- https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html