Lucene search

K
freebsdFreeBSD5B5CF6E5-5B51-11EB-95AC-7F9491278677
HistorySep 16, 2020 - 12:00 a.m.

dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities

2020-09-1600:00:00
vuxml.freebsd.org
45

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.159

Percentile

96.0%

Simon Kelley reports:

    There are broadly two sets of problems. The first is subtle errors
    in dnsmasq's protections against the chronic weakness of the DNS
    protocol to cache-poisoning attacks; the Birthday attack, Kaminsky,
    etc.[...]
  

    the second set of errors is a good old fashioned buffer overflow in
    dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an
    installation is at risk.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdnsmasq< 2.83UNKNOWN
FreeBSDanynoarchdnsmasq-devel< 2.83UNKNOWN

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.159

Percentile

96.0%