Debian Bug report logs -
#490123
dnsmasq: appears to be vulnerable to cache poisoning attack CVE-2008-1447
Reported by: Hamish Moffatt <hamish@debian.org>
Date: Thu, 10 Jul 2008 00:39:01 UTC
Severity: grave
Tags: security
Found in version dnsmasq/2.42-4
Fixed in version dnsmasq/2.43-1
Done: Simon Kelley <simon@thekelleys.org.uk>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Simon Kelley <simon@thekelleys.org.uk>
:
Bug#490123
; Package dnsmasq
.
(full text, mbox, link).
Acknowledgement sent to Hamish Moffatt <hamish@debian.org>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Simon Kelley <simon@thekelleys.org.uk>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: dnsmasq
Version: 2.42-4
Severity: grave
Tags: security
Justification: user security hole
dnsmasq appears to be vulnerable to CVE-2008-1447, the DNS cache
poisoning exploit. From my reading of the source code and observation
with tcpdump, dnsmasq doesn't do any source port randomisation.
dnsmasq binds a UDP socket for each of the forwarding name servers when
they are added (on startup, or configuration change), then uses those
sockets forever. The source port doesn't change between queries. tcpdump
confirms this.
thanks
Hamish
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dnsmasq depends on:
ii adduser 3.108 add and remove users and groups
ii dnsmasq-base 2.42-4 A small caching DNS proxy and DHCP
ii netbase 4.32 Basic TCP/IP networking system
dnsmasq recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>
:
Bug#490123
; Package dnsmasq
.
(full text, mbox, link).
Acknowledgement sent to Hamish Moffatt <hamish@debian.org>
:
Extra info received and forwarded to list. Copy sent to Simon Kelley <simon@thekelleys.org.uk>
.
(full text, mbox, link).
Message #10 received at 490123@bugs.debian.org (full text, mbox, reply):
This is noted at:
http://www.kb.cert.org/vuls/id/AAMN-7GDV56
And I note that Simon has announced a release candidate with a solution
at:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html
Apologies Simon, I didn't realise that you were also upstream and
obviously well aware of this issue already.
thanks,
Hamish
--
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
Reply sent to Simon Kelley <simon@thekelleys.org.uk>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Hamish Moffatt <hamish@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 490123-close@bugs.debian.org (full text, mbox, reply):
Source: dnsmasq
Source-Version: 2.43-1
We believe that the bug you reported is fixed in the latest version of
dnsmasq, which is due to be installed in the Debian FTP archive:
dnsmasq-base_2.43-1_i386.deb
to pool/main/d/dnsmasq/dnsmasq-base_2.43-1_i386.deb
dnsmasq_2.43-1.diff.gz
to pool/main/d/dnsmasq/dnsmasq_2.43-1.diff.gz
dnsmasq_2.43-1.dsc
to pool/main/d/dnsmasq/dnsmasq_2.43-1.dsc
dnsmasq_2.43-1_all.deb
to pool/main/d/dnsmasq/dnsmasq_2.43-1_all.deb
dnsmasq_2.43.orig.tar.gz
to pool/main/d/dnsmasq/dnsmasq_2.43.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 490123@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Kelley <simon@thekelleys.org.uk> (supplier of updated dnsmasq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 17 Jun 2008 11:55:38 +0000
Source: dnsmasq
Binary: dnsmasq dnsmasq-base
Architecture: source all i386
Version: 2.43-1
Distribution: unstable
Urgency: high
Maintainer: Simon Kelley <simon@thekelleys.org.uk>
Changed-By: Simon Kelley <simon@thekelleys.org.uk>
Description:
dnsmasq - A small caching DNS proxy and DHCP/TFTP server
dnsmasq-base - A small caching DNS proxy and DHCP/TFTP server
Closes: 490123
Changes:
dnsmasq (2.43-1) unstable; urgency=high
.
* New upstream.
* Implement source-port randomisation and better random
number generator as defence against CVE-2008-1447 (closes: #490123)
Files:
23803d7cab04b70dbc52a963bc3e591f 596 net optional dnsmasq_2.43-1.dsc
835329cfce668afee8cdb84c62cb76c3 376518 net optional dnsmasq_2.43.orig.tar.gz
c5443576cd4608ea9eecbe018304be3b 13610 net optional dnsmasq_2.43-1.diff.gz
280ff667d48308d629bdbacd7bda15d2 248578 net optional dnsmasq-base_2.43-1_i386.deb
af638ec70fc5afd3631fa5a653364d9a 12096 net optional dnsmasq_2.43-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFIdzEMKPyGmiibgrcRAmzaAJ9CDE6TdLutNr3csTyDZeJLjCALdACfQEWO
OA9l3jWwlLfdMJzhWSNHbG4=
=GOIN
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>
:
Bug#490123
; Package dnsmasq
.
(full text, mbox, link).
Acknowledgement sent to Siim Põder <siim@p6drad-teel.net>
:
Extra info received and forwarded to list. Copy sent to Simon Kelley <simon@thekelleys.org.uk>
.
(full text, mbox, link).
Message #20 received at 490123@bugs.debian.org (full text, mbox, reply):
any plans to fix this for stable release as well?
siim
Information forwarded to debian-bugs-dist@lists.debian.org
:
Bug#490123
; Package dnsmasq
.
(full text, mbox, link).
Acknowledgement sent to Simon Kelley <simon@thekelleys.org.uk>
:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #25 received at 490123@bugs.debian.org (full text, mbox, reply):
Siim Põder wrote:
> any plans to fix this for stable release as well?
>
> siim
>
>
>
A backport to Etch is about to be released.
Cheers,
Simon.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 27 Aug 2008 07:29:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:17:20 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.