GLSA-200504-03 : Dnsmasq: Poisoning and Denial of Service vulnerabilities

2005-04-06T00:00:00
ID GENTOO_GLSA-200504-03.NASL
Type nessus
Reporter Tenable
Modified 2015-04-13T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200504-03 (Dnsmasq: Poisoning and Denial of Service vulnerabilities)

Dnsmasq does not properly detect that DNS replies received do not     correspond to any DNS query that was sent. Rob Holland of the Gentoo     Linux Security Audit team also discovered two off-by-one buffer     overflows that could crash DHCP lease files parsing.

Impact :

A remote attacker could send malicious answers to insert arbitrary     DNS data into the Dnsmasq cache. These attacks would in turn help an     attacker to perform man-in-the-middle and site impersonation attacks.
The buffer overflows might allow an attacker on the local network to     crash Dnsmasq upon restart.

Workaround :

There is no known workaround at this time.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200504-03.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(17977);
  script_version("$Revision: 1.12 $");
  script_cvs_date("$Date: 2015/04/13 13:41:58 $");

  script_osvdb_id(15000, 15001);
  script_xref(name:"GLSA", value:"200504-03");

  script_name(english:"GLSA-200504-03 : Dnsmasq: Poisoning and Denial of Service vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200504-03
(Dnsmasq: Poisoning and Denial of Service vulnerabilities)

    Dnsmasq does not properly detect that DNS replies received do not
    correspond to any DNS query that was sent. Rob Holland of the Gentoo
    Linux Security Audit team also discovered two off-by-one buffer
    overflows that could crash DHCP lease files parsing.
  
Impact :

    A remote attacker could send malicious answers to insert arbitrary
    DNS data into the Dnsmasq cache. These attacks would in turn help an
    attacker to perform man-in-the-middle and site impersonation attacks.
    The buffer overflows might allow an attacker on the local network to
    crash Dnsmasq upon restart.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200504-03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Dnsmasq users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-dns/dnsmasq-2.22'"
  );
  script_set_attribute(attribute:"risk_factor", value:"Low");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:dnsmasq");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/06");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-dns/dnsmasq", unaffected:make_list("ge 2.22"), vulnerable:make_list("lt 2.22"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Dnsmasq");
}