CVE-2020-25685low
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1889688
https://security.gentoo.org/glsa/202101-17
Details
Source: MITRE
Published: 2021-01-20
Updated: 2021-02-22
Type: CWE-358
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 2.2
Severity: LOW
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151408 | EulerOS Virtualization 3.0.2.2 : dnsmasq (EulerOS-SA-2021-2134) | Nessus | Huawei Local Security Checks | low |
| 150612 | SUSE SLES11 Security Update : dnsmasq (SUSE-SU-2021:14603-1) | Nessus | SuSE Local Security Checks | high |
| 149190 | EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1775) | Nessus | Huawei Local Security Checks | high |
| 148783 | Fedora 32 : dnsmasq (2021-2e4c3d5a9d) | Nessus | Fedora Local Security Checks | high |
| 148613 | EulerOS Virtualization 2.9.1 : dnsmasq (EulerOS-SA-2021-1733) | Nessus | Huawei Local Security Checks | high |
| 148581 | EulerOS Virtualization 2.9.0 : dnsmasq (EulerOS-SA-2021-1758) | Nessus | Huawei Local Security Checks | high |
| 148050 | EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2021-1673) | Nessus | Huawei Local Security Checks | high |
| 147582 | EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389) | Nessus | Huawei Local Security Checks | high |
| 147517 | EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469) | Nessus | Huawei Local Security Checks | high |
| 147462 | EulerOS Virtualization 3.0.2.6 : dnsmasq (EulerOS-SA-2021-1411) | Nessus | Huawei Local Security Checks | high |
| 147341 | NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0091) | Nessus | NewStart CGSL Local Security Checks | high |
| 147133 | EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551) | Nessus | Huawei Local Security Checks | high |
| 146735 | EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374) | Nessus | Huawei Local Security Checks | high |
| 146697 | EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2021-1288) | Nessus | Huawei Local Security Checks | high |
| 146369 | Slackware 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2021-040-01) | Nessus | Slackware Local Security Checks | high |
| 146242 | Debian DSA-4844-1 : dnsmasq - security update | Nessus | Debian Local Security Checks | high |
| 146224 | EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263) | Nessus | Huawei Local Security Checks | high |
| 146218 | EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244) | Nessus | Huawei Local Security Checks | high |
| 146094 | RHEL 8 : Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4] (Important) (RHSA-2021:0401) | Nessus | Red Hat Local Security Checks | high |
| 146093 | RHEL 7 : RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13 (Important) (RHSA-2021:0395) | Nessus | Red Hat Local Security Checks | high |
| 145737 | EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138) | Nessus | Huawei Local Security Checks | high |
| 145698 | CentOS 8 : dnsmasq (CESA-2021:0150) | Nessus | CentOS Local Security Checks | high |
| 145454 | Amazon Linux 2 : dnsmasq (ALAS-2021-1587) | Nessus | Amazon Linux Local Security Checks | low |
| 145439 | CentOS 7 : dnsmasq (CESA-2021:0153) | Nessus | CentOS Local Security Checks | low |
| 145438 | Scientific Linux Security Update : dnsmasq on SL7.x x86_64 (2021:0153) | Nessus | Scientific Linux Local Security Checks | low |
| 145421 | Photon OS 2.0: Dnsmasq PHSA-2021-2.0-0312 | Nessus | PhotonOS Local Security Checks | high |
| 145420 | Photon OS 1.0: Dnsmasq PHSA-2021-1.0-0356 | Nessus | PhotonOS Local Security Checks | high |
| 145414 | Photon OS 3.0: Dnsmasq PHSA-2021-3.0-0186 | Nessus | PhotonOS Local Security Checks | high |
| 145404 | RHEL 7 : dnsmasq (RHSA-2021:0245) | Nessus | Red Hat Local Security Checks | low |
| 145403 | RHEL 7 : dnsmasq (RHSA-2021:0240) | Nessus | Red Hat Local Security Checks | low |
| 145356 | openSUSE Security Update : dnsmasq (openSUSE-2021-124) | Nessus | SuSE Local Security Checks | high |
| 145295 | openSUSE Security Update : dnsmasq (openSUSE-2021-129) | Nessus | SuSE Local Security Checks | high |
| 145282 | GLSA-202101-17 : Dnsmasq: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 145241 | Fedora 33 : dnsmasq (2021-84440e87ba) | Nessus | Fedora Local Security Checks | high |
| 145236 | FreeBSD : dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities (5b5cf6e5-5b51-11eb-95ac-7f9491278677) | Nessus | FreeBSD Local Security Checks | high |
| 145199 | SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1) | Nessus | SuSE Local Security Checks | high |
| 145175 | SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1) | Nessus | SuSE Local Security Checks | high |
| 145108 | SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1) | Nessus | SuSE Local Security Checks | high |
| 145088 | RHEL 8 : dnsmasq (RHSA-2021:0150) | Nessus | Red Hat Local Security Checks | high |
| 145087 | RHEL 7 : dnsmasq (RHSA-2021:0153) | Nessus | Red Hat Local Security Checks | low |
| 145086 | Oracle Linux 8 : dnsmasq (ELSA-2021-0150) | Nessus | Oracle Linux Local Security Checks | high |
| 145085 | RHEL 7 : dnsmasq (RHSA-2021:0155) | Nessus | Red Hat Local Security Checks | low |
| 145083 | RHEL 7 : dnsmasq (RHSA-2021:0156) | Nessus | Red Hat Local Security Checks | low |
| 145082 | RHEL 8 : dnsmasq (RHSA-2021:0152) | Nessus | Red Hat Local Security Checks | high |
| 145079 | RHEL 7 : dnsmasq (RHSA-2021:0154) | Nessus | Red Hat Local Security Checks | low |
| 145078 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Dnsmasq vulnerabilities (USN-4698-1) | Nessus | Ubuntu Local Security Checks | high |
| 145077 | RHEL 8 : dnsmasq (RHSA-2021:0151) | Nessus | Red Hat Local Security Checks | high |
| 145075 | Oracle Linux 7 : dnsmasq (ELSA-2021-0153) | Nessus | Oracle Linux Local Security Checks | low |
| 145073 | dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ) | Nessus | DNS | high |