CVE-2008-3350 (GCVE-0-2008-3350)

Vulnerability from cvelistv5 – Published: 2008-07-28 17:00 – Updated: 2024-08-07 09:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://article.gmane.org/gmane.network.dns.dnsmas…	mailing-listx_refsource_MLIST
	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG	x_refsource_CONFIRM
	http://secunia.com/advisories/31197	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2166	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "dnsmasq-dhcpinform-dos(43960)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
          },
          {
            "name": "dnsmasq-dhcplease-dos(43957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
          },
          {
            "name": "[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
          },
          {
            "name": "31197",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31197"
          },
          {
            "name": "ADV-2008-2166",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2166"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "dnsmasq-dhcpinform-dos(43960)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
        },
        {
          "name": "dnsmasq-dhcplease-dos(43957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
        },
        {
          "name": "[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
        },
        {
          "name": "31197",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31197"
        },
        {
          "name": "ADV-2008-2166",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2166"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "dnsmasq-dhcpinform-dos(43960)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
            },
            {
              "name": "dnsmasq-dhcplease-dos(43957)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
            },
            {
              "name": "[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.",
              "refsource": "MLIST",
              "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
            },
            {
              "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG",
              "refsource": "CONFIRM",
              "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
            },
            {
              "name": "31197",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31197"
            },
            {
              "name": "ADV-2008-2166",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2166"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3350",
    "datePublished": "2008-07-28T17:00:00",
    "dateReserved": "2008-07-28T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6E1AB2-D9D6-455A-AA53-E50A9F7C6DC0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \\\"unknown client,\\\" a different vulnerability than CVE-2008-3214.\"}, {\"lang\": \"es\", \"value\": \"dnsmasq 2.43 permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de monio) mediante (1) el env\\u00edo de un DHCPINFORM en ausencia de una asignaci\\u00f3n DHCP o (2) intentando renovar una asignaci\\u00f3n DHCP no existente para una subred inv\\u00e1lida como \\\"cliente desconocido\\\". Vulnerabilidad distinta de CVE-2008-3214.\"}]",
      "id": "CVE-2008-3350",
      "lastModified": "2024-11-21T00:49:02.353",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-07-28T17:41:00.000",
      "references": "[{\"url\": \"http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/31197\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2166\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43957\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43960\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/31197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43957\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.\", \"lastModified\": \"2008-07-30T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3350\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-07-28T17:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \\\"unknown client,\\\" a different vulnerability than CVE-2008-3214.\"},{\"lang\":\"es\",\"value\":\"dnsmasq 2.43 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de monio) mediante (1) el env\u00edo de un DHCPINFORM en ausencia de una asignaci\u00f3n DHCP o (2) intentando renovar una asignaci\u00f3n DHCP no existente para una subred inv\u00e1lida como \\\"cliente desconocido\\\". Vulnerabilidad distinta de CVE-2008-3214.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6E1AB2-D9D6-455A-AA53-E50A9F7C6DC0\"}]}]}],\"references\":[{\"url\":\"http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/31197\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2166\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43957\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43960\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/31197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.\",\"lastModified\":\"2008-07-30T00:00:00\"}]}}"
  }
}

FKIE_CVE-2008-3350

Vulnerability from fkie_nvd - Published: 2008-07-28 17:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189	Patch
cve@mitre.org	http://secunia.com/advisories/31197	Vendor Advisory
cve@mitre.org	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2166
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43957
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43960
af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31197	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2166
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43957
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43960

Impacted products

	Vendor	Product	Version
	the_kelleys	dnsmasq	2.43

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E1AB2-D9D6-455A-AA53-E50A9F7C6DC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214."
    },
    {
      "lang": "es",
      "value": "dnsmasq 2.43 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de monio) mediante (1) el env\u00edo de un DHCPINFORM en ausencia de una asignaci\u00f3n DHCP o (2) intentando renovar una asignaci\u00f3n DHCP no existente para una subred inv\u00e1lida como \"cliente desconocido\". Vulnerabilidad distinta de CVE-2008-3214."
    }
  ],
  "id": "CVE-2008-3350",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-28T17:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2166"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2008-07-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-3350

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3350

Aliases

CVE-2008-3350

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3350",
    "description": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214.",
    "id": "GSD-2008-3350",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3350.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3350"
      ],
      "details": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214.",
      "id": "GSD-2008-3350",
      "modified": "2023-12-13T01:23:05.825881Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3350",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "dnsmasq-dhcpinform-dos(43960)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
          },
          {
            "name": "dnsmasq-dhcplease-dos(43957)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
          },
          {
            "name": "[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.",
            "refsource": "MLIST",
            "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
          },
          {
            "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG",
            "refsource": "CONFIRM",
            "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
          },
          {
            "name": "31197",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31197"
          },
          {
            "name": "ADV-2008-2166",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2166"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3350"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
            },
            {
              "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
            },
            {
              "name": "31197",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31197"
            },
            {
              "name": "ADV-2008-2166",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2166"
            },
            {
              "name": "dnsmasq-dhcpinform-dos(43960)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
            },
            {
              "name": "dnsmasq-dhcplease-dos(43957)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:31Z",
      "publishedDate": "2008-07-28T17:41Z"
    }
  }
}

VAR-200807-0469

Vulnerability from variot - Updated: 2023-12-18 10:52

dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. dnsmasq There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition. This vulnerability CVE-2008-3214 Is a different vulnerability.Denial of service operation by a third party: ( Daemon crash ) There is a possibility of being put into a state. Dnsmasq is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to crash the server, denying access to legitimate users. Dnsmasq 2.43 is vulnerable.

For more information: SA30348

SOLUTION: Apply updated packages via the yum utility ("yum update snort").

For more information: SA29410

The vulnerability is reported in the following products and versions: * Avaya Communication Manager (3.1 and later) * Avaya Intuity AUDIX LX (all versions) * Avaya EMMC (all versions) * Avaya Messaging Storage Server (all versions) * Avaya Message Networking (all versions) * Avaya SIP Enablement Services (3.1.2 and later) * Avaya Voice Portal (all versions) * Avaya Meeting Exchange (all versions) * Avaya Proactive Contact (all versions) * Avaya AES (3.1.6, 4.2.1)

SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated. This can be exploited to bypass Snort rules by sending fragmented IP packets with an overly large TTL (Time To Live) difference between fragments.

1) A vulnerability is caused due to dnsmasq not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

Note: Additionally, an error within the netlink code and a potential crash when a host without a lease performs a DHCPINFORM have been reported in version 2.43. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: bzip2 Unspecified Vulnerability

SECUNIA ADVISORY ID: SA29410

VERIFY ADVISORY: http://secunia.com/advisories/29410/

CRITICAL: Moderately critical

IMPACT: Unknown

WHERE:

From remote

REVISION: 1.1 originally posted 2008-03-24

SOFTWARE: bzip2 1.x http://secunia.com/product/5138/

DESCRIPTION: A vulnerability with unknown impact has been reported in bzip2.

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in versions prior to 1.0.5.

SOLUTION: Update to version 1.0.5. http://www.bzip.org/downloads.html

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group

CHANGELOG: 2008-03-24: Added CVE reference.

ORIGINAL ADVISORY: http://www.bzip.org/CHANGES

http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

OTHER REFERENCES: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-02

                                        http://security.gentoo.org/

Severity: Normal Title: dnsmasq: Denial of Service and DNS spoofing Date: September 04, 2008 Bugs: #231282, #232523 ID: 200809-02

Synopsis

Two vulnerabilities in dnsmasq might allow for a Denial of Service or spoofing of DNS replies.

Background

Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.

Affected packages

-------------------------------------------------------------------
 Package          /  Vulnerable  /                      Unaffected
-------------------------------------------------------------------

1 net-dns/dnsmasq < 2.45 >= 2.45

Description

Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447).
Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350).

Impact

A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All dnsmasq users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"

References

[ 1 ] CVE-2008-3350 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350 [ 2 ] CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200809-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200807-0469",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dnsmasq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "the kelleys",
        "version": "2.43"
      },
      {
        "model": "dnsmasq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "thekelleys",
        "version": "2.43"
      },
      {
        "model": "net-dns/dnsmasq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "2.43"
      },
      {
        "model": "dnsmasq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dnsmasq",
        "version": "2.43"
      },
      {
        "model": "net-dns/dnsmasq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gentoo",
        "version": "2.45"
      },
      {
        "model": "dnsmasq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dnsmasq",
        "version": "2.45"
      },
      {
        "model": "dnsmasq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dnsmasq",
        "version": "2.44"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carlos Carvalho",
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-3350",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-3350",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3350",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200807-442",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214. dnsmasq There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition. This vulnerability CVE-2008-3214 Is a different vulnerability.Denial of service operation by a third party: ( Daemon crash ) There is a possibility of being put into a state. Dnsmasq is prone to multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to crash the server, denying access to legitimate users. \nDnsmasq 2.43 is vulnerable. \n\nFor more information:\nSA30348\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update snort\"). \n\nFor more information:\nSA29410\n\nThe vulnerability is reported in the following products and\nversions:\n* Avaya Communication Manager (3.1 and later)\n* Avaya Intuity AUDIX LX (all versions)\n* Avaya EMMC (all versions)\n* Avaya Messaging Storage Server (all versions)\n* Avaya Message Networking (all versions)\n* Avaya SIP Enablement Services (3.1.2 and later)\n* Avaya Voice Portal (all versions)\n* Avaya Meeting Exchange (all versions)\n* Avaya Proactive Contact (all versions)\n* Avaya AES (3.1.6, 4.2.1)\n\nSOLUTION:\nThe vendor recommends that local and network access to the affected\nsystems be restricted until an update is available. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. This can be exploited to bypass Snort rules by\nsending fragmented IP packets with an overly large TTL (Time To Live)\ndifference between fragments. \n\n1) A vulnerability is caused due to dnsmasq not sufficiently\nrandomising the DNS transaction ID and the source port number, which\ncan be exploited to poison the DNS cache. \n\nNote: Additionally, an error within the netlink code and a potential\ncrash when a host without a lease performs a DHCPINFORM have been\nreported in version 2.43. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nbzip2 Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA29410\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29410/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nUnknown\n\nWHERE:\n\u003eFrom remote\n\nREVISION:\n1.1 originally posted 2008-03-24\n\nSOFTWARE:\nbzip2 1.x\nhttp://secunia.com/product/5138/\n\nDESCRIPTION:\nA vulnerability with unknown impact has been reported in bzip2. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nThe vulnerability is reported in versions prior to 1.0.5. \n\nSOLUTION:\nUpdate to version 1.0.5. \nhttp://www.bzip.org/downloads.html\n\nPROVIDED AND/OR DISCOVERED BY:\nOulu University Secure Programming Group\n\nCHANGELOG:\n2008-03-24: Added CVE reference. \n\nORIGINAL ADVISORY:\nhttp://www.bzip.org/CHANGES\n\nhttp://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\n\nOTHER REFERENCES:\nhttps://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200809-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: dnsmasq: Denial of Service and DNS spoofing\n      Date: September 04, 2008\n      Bugs: #231282, #232523\n        ID: 200809-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nTwo vulnerabilities in dnsmasq might allow for a Denial of Service or\nspoofing of DNS replies. \n\nBackground\n==========\n\nDnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP\nserver. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package          /  Vulnerable  /                      Unaffected\n    -------------------------------------------------------------------\n  1  net-dns/dnsmasq       \u003c 2.45                              \u003e= 2.45\n\nDescription\n===========\n\n* Dan Kaminsky of IOActive reported that dnsmasq does not randomize\n  UDP source ports when forwarding DNS queries to a recursing DNS\n  server (CVE-2008-1447). \n\n* Carlos Carvalho reported that dnsmasq in the 2.43 version does not\n  properly handle clients sending inform or renewal queries for unknown\n  DHCP leases, leading to a crash (CVE-2008-3350). \n\nImpact\n======\n\nA remote attacker could send spoofed DNS response traffic to dnsmasq,\npossibly involving generating queries via multiple vectors, and spoof\nDNS replies, which could e.g. lead to the redirection of web or mail\ntraffic to malicious sites. Furthermore, an attacker could generate\ninvalid DHCP traffic and cause a Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll dnsmasq users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.45\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2008-3350\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350\n  [ 2 ] CVE-2008-1447\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200809-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "PACKETSTORM",
        "id": "67068"
      },
      {
        "db": "PACKETSTORM",
        "id": "68442"
      },
      {
        "db": "PACKETSTORM",
        "id": "71032"
      },
      {
        "db": "PACKETSTORM",
        "id": "66607"
      },
      {
        "db": "PACKETSTORM",
        "id": "68438"
      },
      {
        "db": "PACKETSTORM",
        "id": "64854"
      },
      {
        "db": "PACKETSTORM",
        "id": "69643"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3350",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "31197",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2166",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067",
        "trust": 0.8
      },
      {
        "db": "MLIST",
        "id": "[DNSMASQ-DISCUSS] 20080720 DNSMASQ 2.44 AVAILABLE.",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "43960",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "43957",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "31017",
        "trust": 0.3
      },
      {
        "db": "SECUNIA",
        "id": "30563",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "67068",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "31204",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68442",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "32313",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "71032",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "30348",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66607",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68438",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "29410",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64854",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69643",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "PACKETSTORM",
        "id": "67068"
      },
      {
        "db": "PACKETSTORM",
        "id": "68442"
      },
      {
        "db": "PACKETSTORM",
        "id": "71032"
      },
      {
        "db": "PACKETSTORM",
        "id": "66607"
      },
      {
        "db": "PACKETSTORM",
        "id": "68438"
      },
      {
        "db": "PACKETSTORM",
        "id": "64854"
      },
      {
        "db": "PACKETSTORM",
        "id": "69643"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "id": "VAR-200807-0469",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.24812031
  },
  "last_update_date": "2023-12-18T10:52:25.508000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "dnsmasq",
        "trust": 0.8,
        "url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
      },
      {
        "trust": 1.7,
        "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31197"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2166"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3350"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3350"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/43960"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/43957"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2166"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/30348/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/29410/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31197/"
      },
      {
        "trust": 0.2,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00198.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30563/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/18642/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15552/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00167.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16769/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00156.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5028/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipcop.org/index.php?name=news\u0026file=article\u0026sid=40"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31204/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/5801/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19184/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19183/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19414/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/8717/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/8090/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20091/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19182/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4484/"
      },
      {
        "trust": 0.1,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2008-404.htm"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19415/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16919/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13116/"
      },
      {
        "trust": 0.1,
        "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2156"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4837/"
      },
      {
        "trust": 0.1,
        "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2199"
      },
      {
        "trust": 0.1,
        "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2176"
      },
      {
        "trust": 0.1,
        "url": "https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.bzip.org/downloads.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
      },
      {
        "trust": 0.1,
        "url": "http://www.bzip.org/changes"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5138/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200809-02.xml"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3350"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1447"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "PACKETSTORM",
        "id": "67068"
      },
      {
        "db": "PACKETSTORM",
        "id": "68442"
      },
      {
        "db": "PACKETSTORM",
        "id": "71032"
      },
      {
        "db": "PACKETSTORM",
        "id": "66607"
      },
      {
        "db": "PACKETSTORM",
        "id": "68438"
      },
      {
        "db": "PACKETSTORM",
        "id": "64854"
      },
      {
        "db": "PACKETSTORM",
        "id": "69643"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "db": "PACKETSTORM",
        "id": "67068"
      },
      {
        "db": "PACKETSTORM",
        "id": "68442"
      },
      {
        "db": "PACKETSTORM",
        "id": "71032"
      },
      {
        "db": "PACKETSTORM",
        "id": "66607"
      },
      {
        "db": "PACKETSTORM",
        "id": "68438"
      },
      {
        "db": "PACKETSTORM",
        "id": "64854"
      },
      {
        "db": "PACKETSTORM",
        "id": "69643"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-07-20T00:00:00",
        "db": "BID",
        "id": "31017"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "date": "2008-06-06T22:51:33",
        "db": "PACKETSTORM",
        "id": "67068"
      },
      {
        "date": "2008-07-23T22:36:39",
        "db": "PACKETSTORM",
        "id": "68442"
      },
      {
        "date": "2008-10-17T23:09:21",
        "db": "PACKETSTORM",
        "id": "71032"
      },
      {
        "date": "2008-05-22T16:01:29",
        "db": "PACKETSTORM",
        "id": "66607"
      },
      {
        "date": "2008-07-23T22:36:39",
        "db": "PACKETSTORM",
        "id": "68438"
      },
      {
        "date": "2008-03-26T00:09:25",
        "db": "PACKETSTORM",
        "id": "64854"
      },
      {
        "date": "2008-09-04T22:22:48",
        "db": "PACKETSTORM",
        "id": "69643"
      },
      {
        "date": "2008-07-28T17:41:00",
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "date": "2008-07-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-04T23:21:00",
        "db": "BID",
        "id": "31017"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006067"
      },
      {
        "date": "2017-08-08T01:31:48.310000",
        "db": "NVD",
        "id": "CVE-2008-3350"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dnsmasq DCHP Lease Multiple Remote Denial Of Service Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "31017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-442"
      }
    ],
    "trust": 0.9
  }
}

GHSA-8W5W-HCG8-56W5

Vulnerability from github – Published: 2022-05-01 23:59 – Updated: 2022-05-01 23:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3350"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-28T17:41:00Z",
    "severity": "MODERATE"
  },
  "details": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214.",
  "id": "GHSA-8w5w-hcg8-56w5",
  "modified": "2022-05-01T23:59:14Z",
  "published": "2022-05-01T23:59:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3350"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31197"
    },
    {
      "type": "WEB",
      "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2166"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3350 (GCVE-0-2008-3350)

FKIE_CVE-2008-3350

GSD-2008-3350

VAR-200807-0469

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

GHSA-8W5W-HCG8-56W5

Tags

Sightings

Nomenclature