ALT-PU-2021-1638-1

Package update dnsmasq in branch p9

Version: 2.85-alt1
Published: 2021-04-12
Max severity: MEDIUM

Closed issues (2)

BDU:2022-04028
MEDIUM 4.0

A vulnerability in the Dnsmasq DNS server related to an improperly implemented security check for standard elements, allowing an attacker to carry out a DNS cache poisoning attack

Published: 2022-07-01
Modified: 2024-09-16
CVSS 3.x: MEDIUM 4.0
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS 2.0: LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N
CVE-2021-3448
MEDIUM 4.0

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Published: 2021-04-08
Modified: 2025-12-03
CVSS 2.0: MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.x: MEDIUM 4.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N