Lucene search

K
ubuntuUbuntuUSN-5034-2
HistoryAug 10, 2021 - 12:00 a.m.

c-ares vulnerability

2021-08-1000:00:00
ubuntu.com
85

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

52.8%

Releases

  • Ubuntu 16.04 ESM

Packages

  • c-ares - library for asynchronous name resolution

Details

USN-5034-1 fixed a vulnerability in c-ares. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibc-ares2< 1.10.0-3ubuntu0.2+esm1UNKNOWN
Ubuntu16.04noarchlibc-ares-dev< 1.10.0-3ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibc-ares2< 1.10.0-3ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibc-ares2-dbgsym< 1.10.0-3ubuntu0.2UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

52.8%