logo
DATABASE RESOURCES PRICING ABOUT US

dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities

Description

Simon Kelley reports: There are broadly two sets of problems. The first is subtle errors in dnsmasq's protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc.[...] the second set of errors is a good old fashioned buffer overflow in dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an installation is at risk.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any dnsmasq 2.83
FreeBSD any dnsmasq-devel 2.83

Related