A flaw was found in dnsmasq before version 2.83. When it receives a reply to a forwarded query, dnsmasq checks in forward.c:reply_query() whether the reply's destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, which substantially reduces the number of attempts an attacker on the network would need to forge a reply and get it accepted by dnsmasq. This behavior is contrary to RFC 5452, which specifies the query attributes that must all be used to match a reply. This flaw allows an attacker to perform a DNS cache poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
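The matching flaw described above, shown as a simplified model in C (an added example, not dnsmasq's code). The struct, table contents, function names and port numbers are constructed for illustration, and the model covers only the transaction ID and local port, not the other attributes RFC 5452 lists.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a pending forwarded query; not dnsmasq's real struct. */
struct pending { uint16_t txid; uint16_t src_port; };

/* Constructed sample state: three queries in flight, each on its own port. */
static const struct pending table[] = {
    { 0x1a2b, 40001 }, { 0x3c4d, 40002 }, { 0x5e6f, 40003 },
};
#define NPENDING (sizeof table / sizeof table[0])

typedef const struct pending *(*matcher)(uint16_t txid, uint16_t dst_port);

/* Flawed pattern: the port only has to belong to some pending query,
   then the query is looked up by transaction ID alone. */
const struct pending *match_loose(uint16_t txid, uint16_t dst_port) {
    int port_known = 0;
    for (size_t i = 0; i < NPENDING; i++)
        if (table[i].src_port == dst_port) port_known = 1;
    if (!port_known) return NULL;
    for (size_t i = 0; i < NPENDING; i++)
        if (table[i].txid == txid) return &table[i];
    return NULL;
}

/* Corrected pattern: ID and arrival port must belong to the same query. */
const struct pending *match_strict(uint16_t txid, uint16_t dst_port) {
    for (size_t i = 0; i < NPENDING; i++)
        if (table[i].txid == txid && table[i].src_port == dst_port)
            return &table[i];
    return NULL;
}

/* Count (txid, port) pairs drawn from the pending set that a matcher accepts. */
size_t accepted_pairs(matcher m) {
    size_t n = 0;
    for (size_t i = 0; i < NPENDING; i++)
        for (size_t j = 0; j < NPENDING; j++)
            if (m(table[i].txid, table[j].src_port)) n++;
    return n;
}

int main(void) {
    printf("loose: %zu accepted pairs, strict: %zu\n",
           accepted_pairs(match_loose), accepted_pairs(match_strict));
    return 0;
}
```

With N queries in flight the loose matcher accepts N×N (ID, port) combinations where the strict one accepts N, which is the reduction in guessing effort the description refers to.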
https://bugzilla.redhat.com/show_bug.cgi?id=1889686
https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
https://security.gentoo.org/glsa/202101-17
Source: MITRE
Published: 2021-01-20
Updated: 2021-03-26
Type: CWE-358
CVSS v2 Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3 Base Score: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 2.2
Severity: LOW
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148613 | EulerOS : dnsmasq (EulerOS-SA-2021-1733) | Nessus | Huawei Local Security Checks | high |
148581 | EulerOS : dnsmasq (EulerOS-SA-2021-1758) | Nessus | Huawei Local Security Checks | high |
148050 | EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2021-1673) | Nessus | Huawei Local Security Checks | high |
147960 | Debian DLA-2604-1 : dnsmasq security update | Nessus | Debian Local Security Checks | high |
147582 | EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389) | Nessus | Huawei Local Security Checks | high |
147517 | EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469) | Nessus | Huawei Local Security Checks | high |
147462 | EulerOS Virtualization 3.0.2.6 : dnsmasq (EulerOS-SA-2021-1411) | Nessus | Huawei Local Security Checks | high |
147341 | NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0091) | Nessus | NewStart CGSL Local Security Checks | high |
147133 | EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551) | Nessus | Huawei Local Security Checks | high |
146735 | EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374) | Nessus | Huawei Local Security Checks | high |
146697 | EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2021-1288) | Nessus | Huawei Local Security Checks | high |
146369 | Slackware 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2021-040-01) | Nessus | Slackware Local Security Checks | high |
146242 | Debian DSA-4844-1 : dnsmasq - security update | Nessus | Debian Local Security Checks | high |
146224 | EulerOS : dnsmasq (EulerOS-SA-2021-1263) | Nessus | Huawei Local Security Checks | high |
146218 | EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244) | Nessus | Huawei Local Security Checks | high |
146094 | RHEL 8 : Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4] (Important) (RHSA-2021:0401) | Nessus | Red Hat Local Security Checks | high |
146093 | RHEL 7 : RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13 (Important) (RHSA-2021:0395) | Nessus | Red Hat Local Security Checks | high |
145737 | EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138) | Nessus | Huawei Local Security Checks | high |
145698 | CentOS 8 : dnsmasq (CESA-2021:0150) | Nessus | CentOS Local Security Checks | high |
145454 | Amazon Linux 2 : dnsmasq (ALAS-2021-1587) | Nessus | Amazon Linux Local Security Checks | medium |
145439 | CentOS 7 : dnsmasq (CESA-2021:0153) | Nessus | CentOS Local Security Checks | medium |
145438 | Scientific Linux Security Update : dnsmasq on SL7.x x86_64 (2021:0153) | Nessus | Scientific Linux Local Security Checks | medium |
145421 | Photon OS 2.0: Dnsmasq PHSA-2021-2.0-0312 | Nessus | PhotonOS Local Security Checks | high |
145420 | Photon OS 1.0: Dnsmasq PHSA-2021-1.0-0356 | Nessus | PhotonOS Local Security Checks | high |
145414 | Photon OS 3.0: Dnsmasq PHSA-2021-3.0-0186 | Nessus | PhotonOS Local Security Checks | high |
145404 | RHEL 7 : dnsmasq (RHSA-2021:0245) | Nessus | Red Hat Local Security Checks | medium |
145403 | RHEL 7 : dnsmasq (RHSA-2021:0240) | Nessus | Red Hat Local Security Checks | medium |
145356 | openSUSE Security Update : dnsmasq (openSUSE-2021-124) | Nessus | SuSE Local Security Checks | high |
145295 | openSUSE Security Update : dnsmasq (openSUSE-2021-129) | Nessus | SuSE Local Security Checks | high |
145282 | GLSA-202101-17 : Dnsmasq: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
145241 | Fedora 33 : dnsmasq (2021-84440e87ba) | Nessus | Fedora Local Security Checks | high |
145236 | FreeBSD : dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities (5b5cf6e5-5b51-11eb-95ac-7f9491278677) | Nessus | FreeBSD Local Security Checks | high |
145199 | SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1) | Nessus | SuSE Local Security Checks | high |
145175 | SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1) | Nessus | SuSE Local Security Checks | high |
145108 | SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1) | Nessus | SuSE Local Security Checks | high |
145088 | RHEL 8 : dnsmasq (RHSA-2021:0150) | Nessus | Red Hat Local Security Checks | high |
145087 | RHEL 7 : dnsmasq (RHSA-2021:0153) | Nessus | Red Hat Local Security Checks | medium |
145086 | Oracle Linux 8 : dnsmasq (ELSA-2021-0150) | Nessus | Oracle Linux Local Security Checks | high |
145085 | RHEL 7 : dnsmasq (RHSA-2021:0155) | Nessus | Red Hat Local Security Checks | medium |
145083 | RHEL 7 : dnsmasq (RHSA-2021:0156) | Nessus | Red Hat Local Security Checks | medium |
145082 | RHEL 8 : dnsmasq (RHSA-2021:0152) | Nessus | Red Hat Local Security Checks | high |
145079 | RHEL 7 : dnsmasq (RHSA-2021:0154) | Nessus | Red Hat Local Security Checks | medium |
145078 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Dnsmasq vulnerabilities (USN-4698-1) | Nessus | Ubuntu Local Security Checks | high |
145077 | RHEL 8 : dnsmasq (RHSA-2021:0151) | Nessus | Red Hat Local Security Checks | high |
145075 | Oracle Linux 7 : dnsmasq (ELSA-2021-0153) | Nessus | Oracle Linux Local Security Checks | medium |
145073 | dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ) | Nessus | DNS | high |