dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

CVE-2020-25686

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVE-2020-25685

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

Oracle Linux 8 : dnsmasq (ELSA-2021-0150)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0150 advisory. - Fix various issues in dnssec validation CVE-2020-25681 - Accept responses only on correct sockets CVE-2020-25684 Tenable has extracted the preceding...

RHEL 7 : dnsmasq (RHSA-2021:0154)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0154 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 8 : dnsmasq (RHSA-2021:0151)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0151 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 7 : dnsmasq (RHSA-2021:0156)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0156 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 7 : dnsmasq (RHSA-2021:0155)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0155 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 7 : dnsmasq (RHSA-2021:0153)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0153 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 8 : dnsmasq (RHSA-2021:0150)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0150 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 8 : dnsmasq (RHSA-2021:0152)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0152 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)

DESCRIPTION A flaw has been found in the ICMP rate limiting algorithm of the Linux kernel. This flaw allows an off-path attacker to quickly determine open ephemeral ports that are used by applications making outbound connections. This can be exploited by an off-path attacker to more easily perfor...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2020-0083)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofe...

DEBIAN-CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

Design/Logic Flaw

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

UBUNTU-CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

EulerOS Virtualization 3.0.6.6 : ntp (EulerOS-SA-2020-2450)

According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server...

EulerOS 2.0 SP5 : ntp (EulerOS-SA-2020-1927)

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet wit...

EulerOS Virtualization for ARM 64 3.0.6.0 : ntp (EulerOS-SA-2020-1893)

According to the versions of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or...

DEBIAN-CVE-2020-8622

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...