dnsmasq < 2.73rc4 setup_reply() Function Return Value Checking Information Disclosure
Medium Nessus Plugin ID 87596
SynopsisThe remote DNS / DHCP service is affected by an information disclosure vulnerability.
DescriptionThe remote dnsmasq server is running a version prior to 2.73rc4. It is, therefore, affected by an information disclosure vulnerability due not properly checking the return value from the setup_reply() function during TCP connections. An unauthenticated, remote attacker can exploit this to disclose sensitive information.
SolutionUpgrade to dnsmasq 2.73rc4 or later.