Linux Distros Unpatched Vulnerability : CVE-2020-25686

🗓️ 18 Aug 2025 00:00:00Reported by TenableType

CVE-2020-25686 dnsmasq pre-2.83 off-path forgery via flooding pending queries data integrity risk.

Reporter	Title	Published	Views	Family All 256
Gitee	Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq	19 Oct 202117:01	–	gitee
FreeBSD	dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities	16 Sep 202000:00	–	freebsd
ALT Linux	Security fix for the ALT Linux 10 package dnsmasq version 2.83-alt1	22 Jan 202100:00	–	altlinux
Tenable Nessus	Amazon Linux 2 : dnsmasq (ALAS-2021-1587)	26 Jan 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0009: dnsmasq (ALINUX3-SA-2021:0009)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : dnsmasq (CESA-2021:0150)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : dnsmasq (RHSA-2021:0153)	26 Jan 202100:00	–	nessus
Tenable Nessus	Debian DLA-2604-1 : dnsmasq security update	23 Mar 202100:00	–	nessus
Tenable Nessus	Debian DSA-4844-1 : dnsmasq - security update	5 Feb 202100:00	–	nessus
Tenable Nessus	dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ)	19 Jan 202100:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-25686
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(251617);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/19");

  script_cve_id("CVE-2020-25686");
  script_xref(name:"CEA-ID", value:"CEA-2021-0003");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-25686");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an
    existing pending request for the same name and forwards a new request. By default, a maximum of 150
    pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name.
    This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that
    it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the
    Birthday Attacks section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a
    successful attack is reduced. The highest threat from this vulnerability is to data integrity.
    (CVE-2020-25686)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-25686");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25686");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dnsmasq");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "dnsmasq"},
          {"reference": "dnsmasq-base"},
          {"reference": "dnsmasq-utils"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

19 Aug 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.13.7

CVSS 24.3

EPSS0.00549