nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.DNSMASQ_DOS-CVE-2015-3294.NASL
HistoryDec 22, 2015 - 12:00 a.m.

dnsmasq < 2.73rc4 setup_reply() Function Return Value Checking Information Disclosure

2015-12-2200:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

CVSS2 base score: 6.4 (Medium)

Access Vector: NETWORK

Access Complexity: LOW

Authentication: NONE

Confidentiality Impact: PARTIAL

Integrity Impact: NONE

Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS: 0.017 (Low)

EPSS percentile: 88.0%

The remote dnsmasq server is running a version prior to 2.73rc4. It is, therefore, affected by an information disclosure vulnerability due to not properly checking the return value from the setup_reply() function during TCP connections. An unauthenticated, remote attacker can exploit this to disclose sensitive information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the `description` flag is set, the script only
# declares its metadata (IDs, references, scoring, dependencies) and exits
# without testing anything.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(87596);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/20");

  # External identifiers for the flaw this plugin reports.
  script_cve_id("CVE-2015-3294");
  script_bugtraq_id(74452);

  script_name(english:"dnsmasq < 2.73rc4 setup_reply() Function Return Value Checking Information Disclosure");
  # The summary is accurate about the method: this is a version comparison,
  # not a probe of the setup_reply() code path.
  script_summary(english:"Checks the version of dnsmasq.");

  script_set_attribute(attribute:"synopsis", value:
"The remote DNS / DHCP service is affected by an information disclosure
vulnerability.");
  # NOTE(review): the text below names only information disclosure, while the
  # CVSS2 base vector set further down also carries A:P (partial availability
  # impact). Triage should account for both impacts.
  script_set_attribute(attribute:"description", value:
"The remote dnsmasq server is running a version prior to 2.73rc4. It
is, therefore, affected by an information disclosure vulnerability due
not properly checking the return value from the setup_reply() function
during TCP connections. An unauthenticated, remote attacker can
exploit this to disclose sensitive information.");
  # http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c7d3afa");
  script_set_attribute(attribute:"see_also", value:"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG");
  script_set_attribute(attribute:"solution", value:
"Upgrade to dnsmasq 2.73rc4 or later.");
  # Base vector: network-reachable, low complexity, no authentication,
  # partial confidentiality and availability impact, no integrity impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  # Temporal vector: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C) -- consistent with the two
  # exploit-related attributes set below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3294");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");

  # Marked as a *potential* vulnerability: the finding rests on a reported
  # version string, so a result means "version looks old", not "flaw confirmed".
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:thekelleys:dnsmasq");
  script_end_attributes();

  # Information-gathering category; the check body only reads knowledge-base
  # items and reports.
  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The version string is produced by dns_version.nasl, so the accuracy of
  # this plugin is bounded by what that dependency stores.
  script_dependencies("dns_version.nasl");
  # Requiring Settings/ParanoidReport means the plugin only runs when the
  # scan is configured for paranoid reporting; in default scans it is skipped.
  script_require_keys("dns_server/version", "Settings/ParanoidReport");
  # NOTE(review): the port is declared here under "Services/dns", while the
  # check body reads "Services/udp/dns" -- confirm both keys refer to the
  # same service registration.
  script_require_ports("Services/dns", 53);

  exit(0);
}

include("audit.inc");
include("misc_func.inc");
include("global_settings.inc");

# Version-only check for CVE-2015-3294: compares the stored DNS server
# version string against a pattern for releases older than 2.73rc4.
# Nothing is sent to the target here; every input comes from the KB.
app_name = "dnsmasq";

# Use the DNS port recorded in the KB, defaulting to 53 when none is stored.
port = get_kb_item("Services/udp/dns");
if (!port)
{
  port = 53;
}

# A self-reported version cannot show whether a fix was backported, so the
# plugin refuses to report unless the scan runs at paranoia level 2 or above.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# Lower-case the stored version so the patterns below need only one case.
# (By its name, get_kb_item_or_exit stops the script when the key is absent.)
version = tolower(get_kb_item_or_exit("dns_server/version"));

# Anything that does not identify itself as dnsmasq is out of scope.
if (version !~ "dnsmasq-(v)?")
{
  audit(AUDIT_NOT_LISTEN, app_name, port);
}

# NOTE(review): the pattern is anchored with `$`, so a version string with
# any trailing text is treated as not vulnerable rather than as unknown.
# Pre-release suffixes are only partly covered -- a constructed example,
# "dnsmasq-2.66test1", does not match. Treat the "not vulnerable" audit as
# "pattern did not match", and confirm old or vendor-patched builds by
# package version.
if (version !~ "^dnsmasq-(v)?([0-9\.][01]+|[0-2]\.)([0-7]|[0-7][0-2]|[0-6][0-9]|[0-6][0-9](test[0-9][0-9]|rc[0-6])|[0-7][0-3](test[0-6]|rc[0-3]))$")
{
  audit(AUDIT_INST_VER_NOT_VULN, app_name, version);
}
else
{
  if (report_verbosity > 0)
  {
    # Verbose scans get the observed and fixed versions in the finding.
    report = '\n  Installed version : ' + version;
    report = report + '\n  Fixed version     : dnsmasq-2.73rc4';
    report = report + '\n';

    security_warning(port:port, proto:"udp", extra:report);
  }
  else
  {
    security_warning(port:port, proto:"udp");
  }
}
Vendor | Product | Version | CPE
thekelleys | dnsmasq | | cpe:/a:thekelleys:dnsmasq
