EulerOS 2.0 SP1 : dnsmasq (EulerOS-SA-2016-1044)

Medium Nessus Plugin ID 99807


The remote EulerOS host is missing multiple security updates.


According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

- Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.

- Security Fix(es):

- The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. (CVE-2015-3294)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected dnsmasq packages.

Plugin Details

Severity: Medium

ID: 99807

File Name: EulerOS_SA-2016-1044.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2017/05/02

Modified: 2017/05/02

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:dnsmasq, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/09/11

Reference Information

CVE: CVE-2015-3294

BID: 74452

OSVDB: 121174