Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686)

Summary IBM Security Privileged Identity Manager has addressed issues for dnsmasq as follows. Vulnerability Details CVEID: CVE-2020-25684 DESCRIPTION: dnsmasq is vulnerable to dns cache poisoning, caused by the failure to validate the combination of address/port and the query-id fields of DNS...

QNAP QTS DNSpooq Vulnerabilities (QSA-21-09)

QNAP QTS is prone to multiple vulnerabilities in dnsmasq. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescriptio...

SUSE: Security Advisory (SUSE-SU-2021:14603-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0163-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...

openSUSE Security Update : dnsmasq (openSUSE-2021-124)

This update for dnsmasq fixes the following issues : - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflow...

Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq

dnspooq DNSpooq PoC - dnsmasq cache poisoning CVE-2020-25686,...

DNSpooq bugs haunt dnsmasq

The research team at JSOF found seven vulnerabilities in dnsmasq and have dubbed them DNSpooq, collectively. Now, some of you may shrug and move on, probably because you havent heard of dnsmasq before. Well, before you go, you should know that dnsmasq is used in a wide variety of phones, routers,...

CVE-2020-25682

creationtimestamp| type| source ---|---|--- 2021-01-20 11:02:54+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/dnspooq-haavoittuvuusjoukko-laajalti-kaytossa-olevassa-dnsmasq-ohjelmistossa 2021-01-20 20:27:20+00:00| seen| https://t.me/cibsecurity/22429 2021-01-21 02:28:28+00:00| seen|...

SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1)

This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...

Security update for dnsmasq (important)

openSUSE Security Update: Security update for dnsmasq Announcement ID: openSUSE-SU-2021:0129-1 Rating: important References: 1176076 1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: openSUSE Leap...

Security update for dnsmasq (important)

openSUSE Security Update: Security update for dnsmasq Announcement ID: openSUSE-SU-2021:0124-1 Rating: important References: 1176076 1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: openSUSE Leap...

SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1)

This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...

SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1)

This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System DNS responses for home and commercial routers and servers. The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks also...

Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service DoS, or may allow ...

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System DNS responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The seven flaws,...

SUSE-SU-2021:14603-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation bsc1154849 - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fix...

SUSE-SU-2021:0162-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows...