CVE-2020-25684

Published: 20/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query() whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This behaviour contrasts with RFC 5452, which specifies the attributes of a query that must all be used to match a reply. This flaw allows a malicious user to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
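The difference between the two matching strategies described above, as an added example (a simplified model written for this page, not dnsmasq's code; `struct dnskey`, `match_loose`, `match_strict`, `demo` and the sample table are hypothetical and constructed). Names are assumed to be stored in normalized form so a plain string comparison suffices.

```c
#include <stdint.h>
#include <string.h>

/* One forwarded query or one received reply. Hypothetical type, not dnsmasq's. */
struct dnskey {
    uint16_t txid, local_port;  /* local_port: query source / reply destination */
    uint32_t server_ip;         /* upstream server address (IPv4) */
    uint16_t qtype, qclass;
    const char *qname;          /* assumed already normalized */
};

static int attrs_match(const struct dnskey *q, const struct dnskey *r)
{
    return q->txid == r->txid && q->server_ip == r->server_ip &&
           q->qtype == r->qtype && q->qclass == r->qclass &&
           strcmp(q->qname, r->qname) == 0;
}

/* Flawed shape: the port only has to belong to *some* pending query. */
int match_loose(const struct dnskey *t, size_t n, const struct dnskey *r)
{
    int port_in_use = 0;
    for (size_t i = 0; i < n; i++)
        port_in_use |= (t[i].local_port == r->local_port);
    for (size_t i = 0; port_in_use && i < n; i++)
        if (attrs_match(&t[i], r)) return (int)i;
    return -1;
}

/* RFC 5452 shape: the port must be the one this exact query left from. */
int match_strict(const struct dnskey *t, size_t n, const struct dnskey *r)
{
    for (size_t i = 0; i < n; i++)
        if (attrs_match(&t[i], r) && t[i].local_port == r->local_port)
            return (int)i;
    return -1;
}

/* Constructed sample: two queries in flight on different source ports. */
static const struct dnskey table[2] = {
    {0x1111, 40001, 0xC0000201u, 1, 1, "a.example"},
    {0x2222, 40002, 0xC0000201u, 1, 1, "b.example"},
};

/* Reply answering query 0, delivered to `port`; returns matched index or -1. */
int demo(int strict, uint16_t port)
{
    struct dnskey r = {0x1111, port, 0xC0000201u, 1, 1, "a.example"};
    return strict ? match_strict(table, 2, &r) : match_loose(table, 2, &r);
}
```

With the loose lookup, a reply for query 0 is accepted on any port that has a query outstanding, so every additional open port widens what a forged reply may hit; the strict lookup binds the port to the one entry it belongs to.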

Vulnerable Product

thekelleys dnsmasq

fedoraproject fedora 32

fedoraproject fedora 33

debian debian linux 9.0

debian debian linux 10.0

arista eos

Vendor Advisories

Moshe Kol and Shlomi Oberman of JSOF discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server. They could result in denial of service, cache poisoning or the execution of arbitrary code. For the stable distribution (buster), these problems have been fixed in version 2.80-1+deb10u1. We recommend that you upgrade ...
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the netw ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis: Important: dnsmasq security update. Type/Severity: Security Advisory: Important. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: OpenShift Container Platform 4.4.33 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a ...
Synopsis: Moderate: dnsmasq security update. Type/Severity: Security Advisory: Moderate. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Sol ...
Synopsis: Important: dnsmasq security update. Type/Severity: Security Advisory: Important. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: dnsmasq security update. Type/Severity: Security Advisory: Important. Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13. Type/Severity: Security Advisory: Important. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
Synopsis: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]. Type/Severity: Security Advisory: Important. Topic: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterpri ...
A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that c ...
A flaw was found when getting a reply from a forwarded query, where dnsmasq before version 2.83 checks in forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker o ...

Mailing Lists

oss-sec mailing list archives: Multiple CVEs in dnsmasq fixed in version 2.83. From: Riccardo Schirone ...

Github Repositories

DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq: DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685). For educational purposes only. Requirements: Docker compose, Docker. Exploit: Launch containers: $ docker-compose up -d. Run exploit.py: $ docker-compose exec attacker bash, then bash-5.0# python exploit.py. Querying non-cached names Generating spoofed p

multironic: Requirements: CentOS9-20220330, 4c / 16gb / 100gb. Install libvirt and prepare nodes: sudo dnf -y install qemu-kvm libvirt virt-install; sudo systemctl enable --now libvirtd. Create a pool: sudo mkdir /opt/mypool <pool type='dir'> <name>mypool</name> <target>

Recent Articles

Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws
The Register • Thomas Claburn in San Francisco • 20 Jan 2021

Get your updates when you can for gear from scores of manufacturers. Two clichés, one headline: 'No good deed goes unpunished' and 'It's always DNS'

Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices. The flaws, collectively dubbed DNSpooq, were revealed on Tuesday by Israel-based security firm JSOF at the conclusion of a five-month coordinated disclosure period. The bugs are believed to affect products from more than 40 IT vendors, including Cisco, Comcast, Google, Netgear, Red Hat, and Ubiquiti, and major Linux dis...