Lucene search

K
redhatRedHatRHSA-2021:0154
HistoryJan 19, 2021 - 12:37 p.m.

(RHSA-2021:0154) Moderate: dnsmasq security update

2021-01-1912:37:20
CWE-290
access.redhat.com
72
dnsmasq
security update
address/port check
query name check
off-path attacker
cve-2020-25684
cve-2020-25685
cve-2020-25686

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.011

Percentile

85.3%

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

  • dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)

  • dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)

  • dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatdnsmasqRange2.76-16.el7_9.1
OR
redhatdnsmasq-0Range2.66-14.el7_2.3
OR
redhatdnsmasq-0Range2.66-21.el7_3.3
OR
redhatdnsmasq-0Range2.76-2.el7_4.3
OR
redhatdnsmasq-0Range2.76-7.el7_6.2
OR
redhatdnsmasq-0Range2.76-10.el7_7.2
OR
redhatdnsmasqRange2.79-13.el8_3.1
OR
redhatdnsmasq-0Range2.79-6.el8_1.1
OR
redhatdnsmasq-0Range2.79-11.el8_2.2
OR
redhatvirtualization_hostRange4.3.13-20210127.0.el7_9
OR
redhatvirtualization_hostRange4.4.4-20210201.0.el8_3
AND
redhatenterprise_linuxMatch7
OR
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatchhypervisor
VendorProductVersionCPE
redhatdnsmasq*cpe:2.3:a:redhat:dnsmasq:*:*:*:*:*:*:*:*
redhatdnsmasq-0*cpe:2.3:a:redhat:dnsmasq-0:*:*:*:*:*:*:*:*
redhatvirtualization_host*cpe:2.3:a:redhat:virtualization_host:*:*:*:*:*:*:*:*
redhatenterprise_linux7cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhatenterprise_linuxhypervisorcpe:2.3:o:redhat:enterprise_linux:hypervisor:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.011

Percentile

85.3%