#VU14310 DNS attack in mitmproxy - CVE-2018-14505

Cybersecurity Help s.r.o.

Published: 2018-08-10 | Updated: 2018-08-10

Vulnerability identifier: #VU14310

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-14505

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
mitmproxy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Python.org

Description
The vulnerability allows a remote attacker to conduct DNS attack.

The weakness exists due to insufficient protection against DNS rebinding in the mitmweb interface. A remote attacker can create a specially crafted website, set the scripts config option, gain access to the sniffed data or run arbitrary Python scripts on the filesystem to manipulate DNS information.

Mitigation
Update to version 4.0.4.

Vulnerable software versions

mitmproxy: 4.0.3

External links
https://github.com/mitmproxy/mitmproxy/issues/3234

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for python-mitmproxy

DNS attack in mitmproxy