NewStart CGSL CORE 5.05 / MAIN 5.05 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0183)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dnsmasq packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service memory...

EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2021-2151)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a serv...

EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1775)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be...

EulerOS Virtualization 2.9.1 : dnsmasq (EulerOS-SA-2021-1733)

According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validate...

EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating wit...

EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

CentOS 8 : dnsmasq (CESA-2021:0150)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0150 advisory. - dnsmasq: heap-based buffer overflow in sortrrset when DNSSEC is enabled CVE-2020-25681 - dnsmasq: buffer overflow in extractname due to missing lengt...

CentOS 7 : dnsmasq (RHSA-2021:0153)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0153 advisory. - A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply...

Amazon Linux 2 : dnsmasq (ALAS-2021-1587)

The version of dnsmasq installed on the remote host is prior to 2.76-16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1587 advisory. A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if th...

Medium: dnsmasq

Issue Overview: A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...

Scientific Linux Security Update : dnsmasq on SL7.x x86_64 (2021:0153)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:0153-1 advisory. - dnsmasq: loose address/port check in replyquery makes forging replies easier for an off-path attacker CVE-2020-25684 - dnsmasq: loose query nam...

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

Moderate: Red Hat Security Advisory: dnsmasq security update

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

RHEL 7 : dnsmasq (RHSA-2021:0240)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0240 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

RHEL 7 : dnsmasq (RHSA-2021:0245)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0245 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

F5 Networks BIG-IP : NTP vulnerabilities (K55376430)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K55376430 advisory. Thentpdin the network time protocol NTP before 4.2.8p14, and in...

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...