EulerOS 2.0 SP1 : dnsmasq (EulerOS-SA-2016-1044)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the dnsmasq package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Dnsmasq is a lightweight, easy-to-configure DNS forwarder
and DHCP server. It is designed to provide DNS and,
optionally, DHCP, to a small network. It can serve the
names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and
allows machines with DHCP-allocated addresses to appear
in the DNS with names configured either in each host or
in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network
booting of diskless machines.

- Security Fix(es)

- The tcp_request function in Dnsmasq before 2.73rc4 does
not properly handle the return value of the setup_reply
function, which allows remote attackers to read process
memory and cause a denial of service (out-of-bounds
read and crash) via a malformed DNS
request. (CVE-2015-3294)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?31750c64

Solution :

Update the affected dnsmasq packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 4.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Huawei Local Security Checks

Nessus Plugin ID: 99807

Bugtraq ID: 74452

CVE ID: CVE-2015-3294
