EulerOS 2.0 SP1 : dnsmasq (EulerOS-SA-2016-1044)
Medium Nessus Plugin ID 99807
Synopsis
The remote EulerOS host is missing multiple security updates.
Description
According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.
- Security Fix(es):
- The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. (CVE-2015-3294)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected dnsmasq packages.