This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated dnsmasq packages fix security vulnerabilities :
When dnsmasq before 2.63 is used in conjunctions with certain
configurations of libvirtd, network packets from prohibited networks
(e.g. packets that should not be passed in) may be sent to the dnsmasq
application and processed. This can result in DNS amplification
attacks for example (CVE-2012-3411).
This update adds a new option --bind-dynamic which is immune to this
Updated dnsmasq packages fix security vulnerabilities
This update completes the fix for CVE-2012-3411 provided with
dnsmasq-2.63. It was found that after the upstream patch for
CVE-2012-3411 issue was applied, dnsmasq still :
- replied to remote TCP-protocol based DNS queries (UDP
protocol ones were corrected, but TCP ones not) from
prohibited networks, when the --bind-dynamic option was
- when --except-interface lo option was used dnsmasq
didn't answer local or remote UDP DNS queries, but still
allowed TCP protocol based DNS queries,
- when --except-interface lo option was not used local /
remote TCP DNS queries were also still answered by
This update fix these three cases.
Update the affected dnsmasq and / or dnsmasq-base packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true