Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-161
HistoryMar 02, 2013 - 4:49 p.m.

Medium: dnsmasq

2013-03-0216:49:00
alas.aws.amazon.com
17

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

Issue Overview:

It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. (CVE-2012-3411)

Affected Packages:

dnsmasq

Issue Correction:
Run yum update dnsmasq to update your system.

New Packages:

i686:  
    dnsmasq-2.48-13.9.amzn1.i686  
    dnsmasq-debuginfo-2.48-13.9.amzn1.i686  
    dnsmasq-utils-2.48-13.9.amzn1.i686  
  
src:  
    dnsmasq-2.48-13.9.amzn1.src  
  
x86_64:  
    dnsmasq-2.48-13.9.amzn1.x86_64  
    dnsmasq-utils-2.48-13.9.amzn1.x86_64  
    dnsmasq-debuginfo-2.48-13.9.amzn1.x86_64

Additional References

Red Hat: CVE-2012-3411

Mitre: CVE-2012-3411

Related

nessus 20
openvas 24
centos 2
fedora 4
redhat 3
prion 2
ubuntucve 2
oraclelinux 2
cve 2
debiancve 2
veracode 1
gentoo 1
osv 16
nessus
nessus
Oracle Linux 6 : dnsmasq (ELSA-2013-0277)
2013-07-12 00:00:00
Amazon Linux AMI : dnsmasq (ALAS-2013-161)
2013-09-04 00:00:00
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130221)
2013-03-01 00:00:00
openvas
openvas
CentOS Update for libvirt CESA-2013:0276 centos6
2013-03-12 00:00:00
Oracle: Security Advisory (ELSA-2013-0277)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-161)
2015-09-08 00:00:00
centos
centos
dnsmasq security update
2013-02-27 19:34:22
libvirt security update
2013-02-27 19:36:11
fedora
fedora
[SECURITY] Fedora 18 Update: libvirt-0.10.2.2-3.fc18
2012-12-20 05:38:21
[SECURITY] Fedora 17 Update: dnsmasq-2.63-1.fc17
2012-09-12 00:31:29
[SECURITY] Fedora 17 Update: libvirt-0.9.11.8-2.fc17
2013-01-03 07:24:39
redhat
redhat
(RHSA-2013:0276) Moderate: libvirt security, bug fix, and enhancement update
2013-02-21 00:00:00
(RHSA-2013:0277) Moderate: dnsmasq security, bug fix and enhancement update
2013-02-21 00:00:00
(RHSA-2013:0579) Important: rhev-hypervisor6 security, bug fix, and enhancement update
2013-02-28 00:00:00
prion
prion
Code injection
2013-03-05 21:38:00
Code injection
2013-03-05 21:38:00
ubuntucve
ubuntucve
CVE-2012-3411
2013-03-05 00:00:00
CVE-2013-0198
2013-03-05 00:00:00
oraclelinux
oraclelinux
dnsmasq security, bug fix and enhancement update
2013-02-22 00:00:00
libvirt security, bug fix, and enhancement update
2013-02-27 00:00:00
cve
cve
CVE-2012-3411
2013-03-05 21:38:00
CVE-2013-0198
2013-03-05 21:38:00
debiancve
debiancve
CVE-2012-3411
2013-03-05 21:38:00
CVE-2013-0198
2013-03-05 21:38:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:56:53
gentoo
gentoo
Dnsmasq: Denial of Service
2014-06-25 00:00:00
osv
osv
CVE-2022-0897
2022-03-25 19:15:10
CVE-2020-12430
2020-04-28 20:15:12
CVE-2018-6764
2018-02-23 17:29:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON
Related for ALAS-2013-161
nessus20openvas24centos2fedora4redhat3prion2ubuntucve2oraclelinux2cve2debiancve2veracode1gentoo1osv16