GLSA-200504-03 : Dnsmasq: Poisoning and Denial of Service vulnerabilities

low Nessus Plugin ID 17977

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200504-03 (Dnsmasq: Poisoning and Denial of Service vulnerabilities).

Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could cause a crash when parsing DHCP lease files.

Impact :

A remote attacker could send malicious answers to insert arbitrary DNS data into the Dnsmasq cache. These attacks would in turn help an attacker to perform man-in-the-middle and site impersonation attacks.
The buffer overflows might allow an attacker on the local network to crash Dnsmasq upon restart.

Workaround :

There is no known workaround at this time.

Solution

All Dnsmasq users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dns/dnsmasq-2.22'

See Also

http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

https://security.gentoo.org/glsa/200504-03

Plugin Details

Severity: Low

ID: 17977

File Name: gentoo_GLSA-200504-03.nasl

Version: 1.15

Type: local

Published: 4/6/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:dnsmasq, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 4/4/2005

Vulnerability Publication Date: 3/23/2005

Reference Information

GLSA: 200504-03