Action not permitted
Modal body text goes here.
cve-2020-25683
Vulnerability from cvelistv5
Published
2021-01-20 15:25
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:40:36.769Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "name": "FEDORA-2021-84440e87ba", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/" }, { "name": "GLSA-202101-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-17" }, { "name": "DSA-4844", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4844" }, { "name": "FEDORA-2021-2e4c3d5a9d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/" }, { "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "dnsmasq", "vendor": "n/a", "versions": [ { "status": "affected", "version": "dnsmasq 2.83" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-22T20:06:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "name": "FEDORA-2021-84440e87ba", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/" }, { "name": "GLSA-202101-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202101-17" }, { "name": "DSA-4844", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4844" }, { "name": "FEDORA-2021-2e4c3d5a9d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/" }, { "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "dnsmasq", "version": { "version_data": [ { "version_value": "dnsmasq 2.83" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jsof-tech.com/disclosures/dnspooq/", "refsource": "MISC", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "name": "FEDORA-2021-84440e87ba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/" }, { "name": "GLSA-202101-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-17" }, { "name": "DSA-4844", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4844" }, { "name": "FEDORA-2021-2e4c3d5a9d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/" }, { "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25683", "datePublished": "2021-01-20T15:25:04", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-25683\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-01-20T16:15:14.087\",\"lastModified\":\"2023-11-07T03:20:22.020\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en dnsmasq versiones anteriores a 2.83.\u0026#xa0;Se detect\u00f3 un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en dnsmasq cuando DNSSEC est\u00e1 habilitado y antes de comprobar las entradas DNS recibidas.\u0026#xa0;Un atacante remoto, que puede crear respuestas DNS v\u00e1lidas, podr\u00eda usar este fallo para causar un desbordamiento en una memoria asignada de la pila.\u0026#xa0;Este fallo es causado por una falta de comprobaci\u00f3n de longitud en rfc1035.c:extract_name(), que podr\u00eda ser abusado para causar que el c\u00f3digo ejecute memcpy() con un tama\u00f1o negativo en get_rdata() y causar un bloqueo en dnsmasq, lo que resultar\u00eda en una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.1},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.83\",\"matchCriteriaId\":\"F38115DF-0F5C-442D-83D4-1125AAB4E2B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1882018\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202101-17\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4844\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.jsof-tech.com/disclosures/dnspooq/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
ghsa-4g83-8xc3-pp6v
Vulnerability from github
Published
2022-05-24 17:39
Modified
2022-05-24 17:39
Details
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
{ "affected": [], "aliases": [ "CVE-2020-25683" ], "database_specific": { "cwe_ids": [ "CWE-122" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-01-20T16:15:00Z", "severity": "HIGH" }, "details": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "id": "GHSA-4g83-8xc3-pp6v", "modified": "2022-05-24T17:39:33Z", "published": "2022-05-24T17:39:33Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202101-17" }, { "type": "WEB", "url": "https://www.debian.org/security/2021/dsa-4844" }, { "type": "WEB", "url": "https://www.jsof-tech.com/disclosures/dnspooq" } ], "schema_version": "1.4.0", "severity": [] }
rhsa-2021_0150
Vulnerability from csaf_redhat
Published
2021-01-19 15:06
Modified
2024-11-22 16:15
Summary
Red Hat Security Advisory: dnsmasq security update
Notes
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)
* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)
* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)
* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0150", "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0150.json" } ], "title": "Red Hat Security Advisory: dnsmasq security update", "tracking": { "current_release_date": "2024-11-22T16:15:17+00:00", "generator": { "date": "2024-11-22T16:15:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0150", "initial_release_date": "2021-01-19T15:06:28+00:00", "revision_history": [ { "date": "2021-01-19T15:06:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-19T15:06:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-13.el8_3.1.src", "product": { "name": "dnsmasq-0:2.79-13.el8_3.1.src", "product_id": "dnsmasq-0:2.79-13.el8_3.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-13.el8_3.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-13.el8_3.1.aarch64", "product": { "name": "dnsmasq-0:2.79-13.el8_3.1.aarch64", "product_id": "dnsmasq-0:2.79-13.el8_3.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-13.el8_3.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "product": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "product_id": "dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-13.el8_3.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "product": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "product_id": "dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-13.el8_3.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "product": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "product_id": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-13.el8_3.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-13.el8_3.1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-13.el8_3.1.ppc64le", "product": { "name": "dnsmasq-0:2.79-13.el8_3.1.ppc64le", "product_id": "dnsmasq-0:2.79-13.el8_3.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-13.el8_3.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "product": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "product_id": "dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-13.el8_3.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "product": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "product_id": "dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-13.el8_3.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product_id": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-13.el8_3.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product_id": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-13.el8_3.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-13.el8_3.1.x86_64", "product": { "name": "dnsmasq-0:2.79-13.el8_3.1.x86_64", "product_id": "dnsmasq-0:2.79-13.el8_3.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-13.el8_3.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "product": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "product_id": "dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-13.el8_3.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "product": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "product_id": "dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-13.el8_3.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "product": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "product_id": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-13.el8_3.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-13.el8_3.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-13.el8_3.1.s390x", "product": { "name": "dnsmasq-0:2.79-13.el8_3.1.s390x", "product_id": "dnsmasq-0:2.79-13.el8_3.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-13.el8_3.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "product": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "product_id": "dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-13.el8_3.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "product": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "product_id": "dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-13.el8_3.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "product": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "product_id": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-13.el8_3.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "product_id": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-13.el8_3.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-13.el8_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64" }, "product_reference": "dnsmasq-0:2.79-13.el8_3.1.aarch64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-13.el8_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le" }, "product_reference": "dnsmasq-0:2.79-13.el8_3.1.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-13.el8_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x" }, "product_reference": "dnsmasq-0:2.79-13.el8_3.1.s390x", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-13.el8_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src" }, "product_reference": "dnsmasq-0:2.79-13.el8_3.1.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-13.el8_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64" }, "product_reference": "dnsmasq-0:2.79-13.el8_3.1.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le" }, "product_reference": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x" }, "product_reference": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64" }, "product_reference": "dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le" }, "product_reference": "dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x" }, "product_reference": "dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64" }, "product_reference": "dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64" }, "product_reference": "dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le" }, "product_reference": "dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x" }, "product_reference": "dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-13.el8_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64" }, "product_reference": "dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25681", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881875" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25681" }, { "category": "external", "summary": "RHBZ#1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25681", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25681" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25682", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882014" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25682" }, { "category": "external", "summary": "RHBZ#1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25682", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25682" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25683", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882018" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25683" }, { "category": "external", "summary": "RHBZ#1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25684", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889686" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25684" }, { "category": "external", "summary": "RHBZ#1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25684", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25684" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default).\n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25685", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889688" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25685" }, { "category": "external", "summary": "RHBZ#1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25685", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25686", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1890125" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25686" }, { "category": "external", "summary": "RHBZ#1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25686", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25687", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891568" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25687" }, { "category": "external", "summary": "RHBZ#1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T15:06:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.src", "AppStream-8.3.0.Z.MAIN:dnsmasq-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debuginfo-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-debugsource-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-0:2.79-13.el8_3.1.x86_64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.aarch64", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.ppc64le", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.s390x", "AppStream-8.3.0.Z.MAIN:dnsmasq-utils-debuginfo-0:2.79-13.el8_3.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled" } ] }
rhsa-2021_0152
Vulnerability from csaf_redhat
Published
2021-01-19 13:11
Modified
2024-11-22 16:15
Summary
Red Hat Security Advisory: dnsmasq security update
Notes
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)
* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)
* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)
* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0152", "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0152.json" } ], "title": "Red Hat Security Advisory: dnsmasq security update", "tracking": { "current_release_date": "2024-11-22T16:15:10+00:00", "generator": { "date": "2024-11-22T16:15:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0152", "initial_release_date": "2021-01-19T13:11:33+00:00", "revision_history": [ { "date": "2021-01-19T13:11:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-19T13:11:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-6.el8_1.1.src", "product": { "name": "dnsmasq-0:2.79-6.el8_1.1.src", "product_id": "dnsmasq-0:2.79-6.el8_1.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-6.el8_1.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-6.el8_1.1.aarch64", "product": { "name": "dnsmasq-0:2.79-6.el8_1.1.aarch64", "product_id": "dnsmasq-0:2.79-6.el8_1.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-6.el8_1.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "product": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "product_id": "dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-6.el8_1.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "product": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "product_id": "dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-6.el8_1.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "product": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "product_id": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-6.el8_1.1?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-6.el8_1.1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-6.el8_1.1.ppc64le", "product": { "name": "dnsmasq-0:2.79-6.el8_1.1.ppc64le", "product_id": "dnsmasq-0:2.79-6.el8_1.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-6.el8_1.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "product": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "product_id": "dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-6.el8_1.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "product": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "product_id": "dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-6.el8_1.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product_id": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-6.el8_1.1?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product_id": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-6.el8_1.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-6.el8_1.1.x86_64", "product": { "name": "dnsmasq-0:2.79-6.el8_1.1.x86_64", "product_id": "dnsmasq-0:2.79-6.el8_1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-6.el8_1.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "product": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "product_id": "dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-6.el8_1.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "product": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "product_id": "dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-6.el8_1.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "product": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "product_id": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-6.el8_1.1?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-6.el8_1.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-6.el8_1.1.s390x", "product": { "name": "dnsmasq-0:2.79-6.el8_1.1.s390x", "product_id": "dnsmasq-0:2.79-6.el8_1.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-6.el8_1.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "product": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "product_id": "dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-6.el8_1.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "product": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "product_id": "dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-6.el8_1.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "product": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "product_id": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-6.el8_1.1?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "product_id": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-6.el8_1.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-6.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64" }, "product_reference": "dnsmasq-0:2.79-6.el8_1.1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-6.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le" }, "product_reference": "dnsmasq-0:2.79-6.el8_1.1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-6.el8_1.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x" }, "product_reference": "dnsmasq-0:2.79-6.el8_1.1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-6.el8_1.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src" }, "product_reference": "dnsmasq-0:2.79-6.el8_1.1.src", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-6.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64" }, "product_reference": "dnsmasq-0:2.79-6.el8_1.1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le" }, "product_reference": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x" }, "product_reference": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64" }, "product_reference": "dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le" }, "product_reference": "dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x" }, "product_reference": "dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64" }, "product_reference": "dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64" }, "product_reference": "dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le" }, "product_reference": "dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x" }, "product_reference": "dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-6.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64" }, "product_reference": "dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25681", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881875" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25681" }, { "category": "external", "summary": "RHBZ#1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25681", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25681" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25682", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882014" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25682" }, { "category": "external", "summary": "RHBZ#1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25682", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25682" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25683", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882018" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25683" }, { "category": "external", "summary": "RHBZ#1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25684", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889686" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25684" }, { "category": "external", "summary": "RHBZ#1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25684", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25684" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default).\n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25685", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889688" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25685" }, { "category": "external", "summary": "RHBZ#1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25685", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25686", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1890125" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25686" }, { "category": "external", "summary": "RHBZ#1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25686", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25687", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891568" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25687" }, { "category": "external", "summary": "RHBZ#1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:11:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.src", "AppStream-8.1.0.Z.EUS:dnsmasq-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debuginfo-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-debugsource-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-0:2.79-6.el8_1.1.x86_64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.aarch64", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.ppc64le", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.s390x", "AppStream-8.1.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-6.el8_1.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled" } ] }
rhsa-2021_0151
Vulnerability from csaf_redhat
Published
2021-01-19 13:37
Modified
2024-11-22 16:15
Summary
Red Hat Security Advisory: dnsmasq security update
Notes
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)
* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)
* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)
* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0151", "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0151.json" } ], "title": "Red Hat Security Advisory: dnsmasq security update", "tracking": { "current_release_date": "2024-11-22T16:15:03+00:00", "generator": { "date": "2024-11-22T16:15:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0151", "initial_release_date": "2021-01-19T13:37:11+00:00", "revision_history": [ { "date": "2021-01-19T13:37:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-19T13:37:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-11.el8_2.2.src", "product": { "name": "dnsmasq-0:2.79-11.el8_2.2.src", "product_id": "dnsmasq-0:2.79-11.el8_2.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-11.el8_2.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-11.el8_2.2.aarch64", "product": { "name": "dnsmasq-0:2.79-11.el8_2.2.aarch64", "product_id": "dnsmasq-0:2.79-11.el8_2.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-11.el8_2.2?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "product": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "product_id": "dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-11.el8_2.2?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "product": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "product_id": "dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-11.el8_2.2?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "product": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "product_id": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-11.el8_2.2?arch=aarch64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-11.el8_2.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-11.el8_2.2.ppc64le", "product": { "name": "dnsmasq-0:2.79-11.el8_2.2.ppc64le", "product_id": "dnsmasq-0:2.79-11.el8_2.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-11.el8_2.2?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "product": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "product_id": "dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-11.el8_2.2?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "product": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "product_id": "dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-11.el8_2.2?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product_id": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-11.el8_2.2?arch=ppc64le" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product_id": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-11.el8_2.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-11.el8_2.2.x86_64", "product": { "name": "dnsmasq-0:2.79-11.el8_2.2.x86_64", "product_id": "dnsmasq-0:2.79-11.el8_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-11.el8_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "product": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "product_id": "dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-11.el8_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "product": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "product_id": "dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-11.el8_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "product": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "product_id": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-11.el8_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64", "product_id": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-11.el8_2.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dnsmasq-0:2.79-11.el8_2.2.s390x", "product": { "name": "dnsmasq-0:2.79-11.el8_2.2.s390x", "product_id": "dnsmasq-0:2.79-11.el8_2.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq@2.79-11.el8_2.2?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "product": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "product_id": "dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-11.el8_2.2?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "product": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "product_id": "dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-11.el8_2.2?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "product": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "product_id": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-11.el8_2.2?arch=s390x" } } }, { "category": "product_version", "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "product": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "product_id": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-11.el8_2.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-11.el8_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64" }, "product_reference": "dnsmasq-0:2.79-11.el8_2.2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-11.el8_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le" }, "product_reference": "dnsmasq-0:2.79-11.el8_2.2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-11.el8_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x" }, "product_reference": "dnsmasq-0:2.79-11.el8_2.2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-11.el8_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src" }, "product_reference": "dnsmasq-0:2.79-11.el8_2.2.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-0:2.79-11.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64" }, "product_reference": "dnsmasq-0:2.79-11.el8_2.2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le" }, "product_reference": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x" }, "product_reference": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64" }, "product_reference": "dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64" }, "product_reference": "dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le" }, "product_reference": "dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x" }, "product_reference": "dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64" }, "product_reference": "dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64" }, "product_reference": "dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le" }, "product_reference": "dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x" }, "product_reference": "dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-0:2.79-11.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64" }, "product_reference": "dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" }, "product_reference": "dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25681", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881875" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25681" }, { "category": "external", "summary": "RHBZ#1881875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25681", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25681" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25681" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25682", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882014" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25682" }, { "category": "external", "summary": "RHBZ#1882014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25682", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25682" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25683", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882018" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25683" }, { "category": "external", "summary": "RHBZ#1882018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25683" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25684", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889686" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25684" }, { "category": "external", "summary": "RHBZ#1889686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25684", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25684" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25684" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default).\n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25685", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1889688" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25685" }, { "category": "external", "summary": "RHBZ#1889688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25685", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25686", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1890125" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker", "title": "Vulnerability summary" }, { "category": "other", "text": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\n\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25686" }, { "category": "external", "summary": "RHBZ#1890125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25686", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25686" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \n\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit \u003cnetwork-name\u003e` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \n\nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\n\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system\u2019s environment before applying.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker" }, { "acknowledgments": [ { "names": [ "Moshe Kol", "Shlomi Oberman" ], "organization": "JSOF" } ], "cve": "CVE-2020-25687", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891568" } ], "notes": [ { "category": "description", "text": "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25687" }, { "category": "external", "summary": "RHBZ#1891568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, { "category": "external", "summary": "RHSB-2021-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25687" }, { "category": "external", "summary": "https://www.jsof-tech.com/disclosures/dnspooq/", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" } ], "release_date": "2021-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-19T13:37:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "workaround", "details": "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "product_ids": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.src", "AppStream-8.2.0.Z.EUS:dnsmasq-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debuginfo-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-debugsource-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-0:2.79-11.el8_2.2.x86_64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.aarch64", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.ppc64le", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.s390x", "AppStream-8.2.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-11.el8_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled" } ] }
wid-sec-w-2023-2836
Vulnerability from csaf_certbund
Published
2021-01-18 23:00
Modified
2023-11-06 23:00
Summary
dnsmasq: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dnsmasq ist ein leichtgewichtiger DNS- und DHCP Server.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in dnsmasq und mehreren Cisco Produkten ausnutzen, um beliebigen Programmcode auszuführen und um den DNS Cache zu manipulieren.
Betroffene Betriebssysteme
- UNIX
- Linux
- CISCO Appliance
- Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dnsmasq ist ein leichtgewichtiger DNS- und DHCP Server.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in dnsmasq und mehreren Cisco Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren und um den DNS Cache zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- CISCO Appliance\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2836 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-2836.json" }, { "category": "self", "summary": "WID-SEC-2023-2836 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2836" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-12971 vom 2023-11-06", "url": "https://linux.oracle.com/errata/ELSA-2023-12971.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-12972 vom 2023-11-06", "url": "https://linux.oracle.com/errata/ELSA-2023-12972.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-2604 vom 2021-03-22", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" }, { "category": "external", "summary": "Cisco Security Advisory CISCO-SA-DNSMASQ-DNS-2021-C5MRDF3G vom 2021-01-18", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g" }, { "category": "external", "summary": "DNSpooq Attack vom 2021-01-18", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "category": "external", "summary": "Arista Security Advisory 61 vom 2021-01-19", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4698-1 vom 2021-01-19", "url": "https://usn.ubuntu.com/4698-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0150 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0150" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0151 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0151" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0152 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0152" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0153 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0153" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0154 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0154" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0155 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0155" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0156 vom 2021-01-19", "url": "https://access.redhat.com/errata/RHSA-2021:0156" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-0153 vom 2021-01-19", "url": "http://linux.oracle.com/errata/ELSA-2021-0153.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-0150 vom 2021-01-20", "url": "https://linux.oracle.com/errata/ELSA-2021-0150.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0163-1 vom 2021-01-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008222.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:14603-1 vom 2021-01-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008224.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0166-1 vom 2021-01-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008223.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0162-1 vom 2021-01-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008225.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:14604-1 vom 2021-01-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008226.html" }, { "category": "external", "summary": "ICS CERT Advisory ICSA-21-019-01 vom 2021-01-19", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01" }, { "category": "external", "summary": "Changelog dnsmasq", "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" }, { "category": "external", "summary": "Arch Linux Security Advisory ASA-202101-38 vom 2021-01-21", "url": "https://security.archlinux.org/ASA-202101-38/generate" }, { "category": "external", "summary": "Synology Security Advisory SYNOLOGY-SA-21:01 vom 2021-01-25", "url": "https://www.synology.com/en-global/support/security/Synology_SA_21_01" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0240 vom 2021-01-25", "url": "https://access.redhat.com/errata/RHSA-2021:0240" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202101-17 vom 2021-01-25", "url": "https://security.gentoo.org/glsa/202101-17" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0245 vom 2021-01-25", "url": "https://access.redhat.com/errata/RHSA-2021:0245" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2021:0153 vom 2021-01-26", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2021-0153-Moderate-CentOS-7-dnsmasq-Security-Update-tp4646120.html" }, { "category": "external", "summary": "Zyxel security advisory for DNSpooq vom 2021-01-26", "url": "https://www.zyxel.com/support/DNSpooq.shtml" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0281 vom 2021-02-03", "url": "https://access.redhat.com/errata/RHSA-2021:0281" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0395 vom 2021-02-03", "url": "https://access.redhat.com/errata/RHSA-2021:0395" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0401 vom 2021-02-03", "url": "https://access.redhat.com/errata/RHSA-2021:0401" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1587 vom 2021-02-03", "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1587.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4844 vom 2021-02-04", "url": "https://www.debian.org/security/2021/dsa-4844" }, { "category": "external", "summary": "Aruba Product Security Advisory", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-006.txt" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4698-2 vom 2021-02-24", "url": "https://ubuntu.com/security/notices/USN-4698-2" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2021-006 vom 2021-03-03", "url": "https://downloads.avaya.com/css/P8/documents/101074267" }, { "category": "external", "summary": "QNAP Security Advisory QSA-21-09 vom 2021-06-30", "url": "https://www.qnap.com/de-de/security-advisory/QSA-21-09" } ], "source_lang": "en-US", "title": "dnsmasq: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-11-06T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:50:15.691+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2836", "initial_release_date": "2021-01-18T23:00:00.000+00:00", "revision_history": [ { "date": "2021-01-18T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-01-19T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Arista, Cisco, Ubuntu, Red Hat, Oracle Linux und SUSE aufgenommen" }, { "date": "2021-01-20T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Arch Linux aufgenommen" }, { "date": "2021-01-24T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Synology aufgenommen" }, { "date": "2021-01-25T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat und Gentoo aufgenommen" }, { "date": "2021-01-26T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von CentOS aufgenommen" }, { "date": "2021-02-02T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-02-03T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat und Amazon aufgenommen" }, { "date": "2021-02-04T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2021-02-23T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Aruba aufgenommen" }, { "date": "2021-02-24T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-03-04T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2021-03-22T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2021-06-30T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von QNAP aufgenommen" }, { "date": "2023-11-06T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Arista EOS", "product": { "name": "Arista EOS", "product_id": "T007065", "product_identification_helper": { "cpe": "cpe:/o:arista:arista_eos:-" } } } ], "category": "vendor", "name": "Arista" }, { "branches": [ { "category": "product_name", "name": "Aruba ArubaOS", "product": { "name": "Aruba ArubaOS", "product_id": "T016785", "product_identification_helper": { "cpe": "cpe:/o:arubanetworks:arubaos:-" } } } ], "category": "vendor", "name": "Aruba" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Communication Manager", "product": { "name": "Avaya Aura Communication Manager", "product_id": "T015126", "product_identification_helper": { "cpe": "cpe:/a:avaya:communication_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } }, { "category": "product_name", "name": "Avaya Web License Manager", "product": { "name": "Avaya Web License Manager", "product_id": "T016243", "product_identification_helper": { "cpe": "cpe:/a:avaya:web_license_manager:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Cisco Aironet Access Point", "product": { "name": "Cisco Aironet Access Point", "product_id": "T012215", "product_identification_helper": { "cpe": "cpe:/o:cisco:aironet_access_point_software:-" } } }, { "category": "product_name", "name": "Cisco Analog Telephone Adaptor (ATA)", "product": { "name": "Cisco Analog Telephone Adaptor (ATA)", "product_id": "T015211", "product_identification_helper": { "cpe": "cpe:/h:cisco:ata:spa122" } } }, { "category": "product_name", "name": "Cisco Catalyst Access Point", "product": { "name": "Cisco Catalyst Access Point", "product_id": "T018120", "product_identification_helper": { "cpe": "cpe:/h:cisco:catalyst:access_point" } } }, { "category": "product_name", "name": "Cisco IP Phone", "product": { "name": "Cisco IP Phone", "product_id": "2070", "product_identification_helper": { "cpe": "cpe:/h:cisco:ip_phone:-" } } }, { "category": "product_name", "name": "Cisco Small Business", "product": { "name": "Cisco Small Business", "product_id": "T006515", "product_identification_helper": { "cpe": "cpe:/h:cisco:small_business:srp520" } } }, { "category": "product_name", "name": "Cisco TelePresence Video Communication Server", "product": { "name": "Cisco TelePresence Video Communication Server", "product_id": "T018121", "product_identification_helper": { "cpe": "cpe:/h:cisco:telepresence:video_communication_server" } } }, { "category": "product_name", "name": "Cisco Unified IP Phone", "product": { "name": "Cisco Unified IP Phone", "product_id": "T003264", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_ip_phones:-" } } }, { "category": "product_name", "name": "Cisco WebEx Teams", "product": { "name": "Cisco WebEx Teams", "product_id": "T013516", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:teams" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Open Source Arch Linux", "product": { "name": "Open Source Arch Linux", "product_id": "T013312", "product_identification_helper": { "cpe": "cpe:/o:archlinux:archlinux:-" } } }, { "category": "product_name", "name": "Open Source CentOS", "product": { "name": "Open Source CentOS", "product_id": "1727", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:-" } } }, { "category": "product_name", "name": "Open Source dnsmasq \u003c 2.83", "product": { "name": "Open Source dnsmasq \u003c 2.83", "product_id": "T018119", "product_identification_helper": { "cpe": "cpe:/a:dnsmasq:dnsmasq:2.83" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "QNAP NAS", "product": { "name": "QNAP NAS", "product_id": "T017100", "product_identification_helper": { "cpe": "cpe:/h:qnap:nas:-" } } } ], "category": "vendor", "name": "QNAP" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Synology DiskStation Manager", "product": { "name": "Synology DiskStation Manager", "product_id": "450918", "product_identification_helper": { "cpe": "cpe:/a:synology:diskstation_manager:-" } } } ], "category": "vendor", "name": "Synology" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25681", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25681" }, { "cve": "CVE-2020-25682", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25682" }, { "cve": "CVE-2020-25683", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25683" }, { "cve": "CVE-2020-25684", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25684" }, { "cve": "CVE-2020-25685", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25685" }, { "cve": "CVE-2020-25686", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25686" }, { "cve": "CVE-2020-25687", "notes": [ { "category": "description", "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren." } ], "product_status": { "known_affected": [ "2070", "T003264", "67646", "T006515", "T012215", "T015127", "T015126", "T004914", "450918", "T018120", "T018121", "398363", "T007065", "T013516", "T015518", "T015516", "T013312", "T012167", "T016785", "T015211", "T016243", "T017100", "2951", "T002207", "T000126", "1727" ] }, "release_date": "2021-01-18T23:00:00Z", "title": "CVE-2020-25687" } ] }
cisco-sa-dnsmasq-dns-2021-c5mrdf3g
Vulnerability from csaf_cisco
Published
2021-01-19 12:15
Modified
2021-08-30 17:24
Summary
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
Notes
Summary
A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq.
Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability.
Multiple Cisco products are affected by these vulnerabilities.
Cisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.
Note: At the time of publication, no Cisco products were found to be affected by the remote code execution and DoS vulnerabilities, which are identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g"]
Affected Products
Cisco investigated its product line to determine which products may be affected by these vulnerabilities.
The Vulnerable Products ["#vp"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool ["https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
Any product or service not listed in Vulnerable Products ["#vp"] section of this advisory is to be considered not vulnerable.
Vulnerable Products
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
At the time of this investigation, no Cisco products have been found to be affected by the remote code execution and DoS vulnerabilities.
Multiple Cisco products have been found to be susceptible to DNS cache poisoning attacks. The following table lists Cisco products that have been found to be susceptible to DNS cache poisoning attacks.
If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product Cisco Bug ID Fixed Release Availability Network Management and Provisioning Cisco Aironet 1560 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1810 Series OfficeExtend Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1810w Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1815 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1830 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1850 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 2800 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 3800 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 4800 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Business 100 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] 10.4.1.0 (Mar 2021) Cisco Business 200 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] 10.4.1.0 (Mar 2021) Cisco Catalyst 9100 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Catalyst IW6300 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco ESW6300 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Policy Suite CSCvv83241 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241"] 21.1.0 Routing and Switching - Enterprise and Service Provider Cisco 1000 Series Connected Grid Routers (CGR1000 compute module) CSCvv84554 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554"] 15.9(3)M4 (Jul 2021) Cisco IR800 Integrated Services Router (Guest OS) CSCvv84553 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553"] 15.9(3)M4 (Jul 2021) Cisco Wireless Gateway for LoRaWAN CSCvw00914 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914"] 2.1.0.3 (Mar 2021) Meraki Products Cisco Meraki MR (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MS (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MV (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MX (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki Z-Series (all models) N/A Release no. TBD (Aug 2021) Routing and Switching - Small Business Cisco RV042 Dual WAN VPN Router CSCvv83789 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789"] None planned Cisco RV042G Dual Gigabit WAN VPN Router CSCvv83789 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789"] None planned Cisco RV160x VPN Router CSCvv83787 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787"] 1.0.02.x (Mar 2021) Cisco RV260x VPN Router CSCvv83788 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788"] 1.0.02.x (Mar 2021) Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router CSCvv83239 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239"] 1.0.04.x (Mar 2021) Cisco Small Business RV Series RV110W Wireless-N VPN Firewall CSCvv83235 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235"] None planned Cisco Small Business RV Series RV215W Wireless-N VPN Router CSCvv83237 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237"] None planned Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router CSCvv83238 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238"] None planned Cisco Small Business RV Series RV325 Dual WAN VPN Router CSCvv83816 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816"] None planned Cisco Small Business RV130 Series VPN Routers CSCvv83791 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791"] None planned Cisco Small Business RV130 VPN Router CSCvv83236 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236"] None planned Unified Computing Cisco Enterprise NFV Infrastructure Software (NFVIS) CSCvw00975 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975"] 4.5 (Mar 2021) Voice and Unified Communications Devices Cisco IP Conference Phone 7832 CSCvv83246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246"] 14.0 (Mar 2021) Cisco IP Conference Phone 8832 CSCvv83250 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250"] 14.0 (Mar 2021) Cisco IP Phone 6800 Series with Multiplatform Firmware CSCvv83248 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248"] 11.3.4 (Jun 2021) Cisco IP Phone 6821 with Multiplatform Firmware CSCvw00982 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series with Multiplatform Firmware CSCvv83243 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series CSCvv83249 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249"] 14.0 (Mar 2021) Cisco IP Phone 8800 Series with Multiplatform Firmware CSCvv83242 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series CSCvv83242 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242"] 14.0 (Mar 2021) Cisco IP Phone 8865 CSCvv83245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245"] 14.0 (Mar 2021) Cisco SPA112 2-Port Phone Adapter CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco SPA122 Analog Telephone Adapter (ATA) with Router CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco Unified IP Phone 9951 CSCvv83247 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247"]
None planned Cisco Unified IP Phone 9971 CSCvv83247 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247"]
None planned Cisco Wireless IP Phone 8821 CSCvw00918 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918"] 11.0(6)SR1 (Apr 2021) Video, Streaming, TelePresence, and Transcoding Devices Cisco Expressway Series CSCvv83227 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227"] X12.7.1 Cisco TelePresence Video Communication Server (VCS) CSCvv83227 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227"] X12.7.1 Cisco Cloud Hosted Services Cisco IP Phone 6800 Series CSCvw01205 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205"] 11.3.4 (Jun 2021) Cisco Spark Calling CSCvw00907 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907"] X12.7.1 (Feb 2021) Cisco Webex Teams (formerly Cisco Spark) CSCvv83214 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214"] None planned Cisco Webex Room Phone CSCvv87082 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082"] 1.2(0)SR1 (Aug 2021)
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Cisco products that do not offer DNS server capabilities are not affected by these vulnerabilities. Cisco has also confirmed that Cisco IOS XE Software is not affected by any of these vulnerabilities.
At the time of publication, no Cisco products were found to be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
Details
Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
The vulnerabilities are due to improper memory management when the affected software processes DNS packets with DNSSEC data. An attacker could exploit these vulnerabilities by sending malicious DNS packets to be processed by the affected device.
When these packets are processed, an exploitable overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the underlying dnsmasq software or cause DoS condition on the affected device.
These vulnerabilities affect dnsmasq installations that match all of the following criteria:
Include a vulnerable release of dnsmasq
Capable of acting as a DNS server
Capable of validating DNSSEC data
These vulnerabilities have been assigned the following CVE IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
At the time of this investigation, no Cisco products have been found to be affected by these vulnerabilities.
DNS Cache Poisoning Attacks
Multiple weaknesses in the DNS server functionality of dnsmasq could allow an unauthenticated, remote attacker to more easily forge DNS answers that can poison DNS caches.
Each weakness results in dnsmasq accepting DNS answers based on checks that are performed on an amount of entropy that is lower than what is mandated by RFC 5452. The combination of these weaknesses would allow an attacker to mount a successful DNS cache poisoning attack with low traffic requirements.
These weaknesses affect dnsmasq installations that match all of the following criteria:
Include a vulnerable release of dnsmasq
Capable of acting as a DNS server
Capable of caching DNS responses
These weaknesses have been assigned the following CVE IDs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
Multiple Cisco products have been found to be susceptible to DNS cache poisoning attacks.
Workarounds
Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.
Fixed Software
For information about fixed software releases ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], consult the Cisco bugs identified in the Vulnerable Products ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp"] section of this advisory.
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.
Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.
Source
Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ "document": { "acknowledgments": [ { "summary": "Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "notes": [ { "category": "summary", "text": "A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq.\r\n\r\nExploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability.\r\n\r\nMultiple Cisco products are affected by these vulnerabilities.\r\n\r\nCisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nNote: At the time of publication, no Cisco products were found to be affected by the remote code execution and DoS vulnerabilities, which are identified by the following Common Vulnerabilities and Exposures (CVE) IDs:\r\n\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g\"]", "title": "Summary" }, { "category": "general", "text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product or service not listed in Vulnerable Products [\"#vp\"] section of this advisory is to be considered not vulnerable.", "title": "Affected Products" }, { "category": "general", "text": "For information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n\r\nAt the time of this investigation, no Cisco products have been found to be affected by the remote code execution and DoS vulnerabilities.\r\n\r\nMultiple Cisco products have been found to be susceptible to DNS cache poisoning attacks. The following table lists Cisco products that have been found to be susceptible to DNS cache poisoning attacks.\r\n\r\nIf a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability Network Management and Provisioning Cisco Aironet 1560 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1810 Series OfficeExtend Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1810w Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1815 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1830 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1850 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 2800 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 3800 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 4800 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Business 100 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] 10.4.1.0 (Mar 2021) Cisco Business 200 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] 10.4.1.0 (Mar 2021) Cisco Catalyst 9100 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Catalyst IW6300 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco ESW6300 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Policy Suite CSCvv83241 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241\"] 21.1.0 Routing and Switching - Enterprise and Service Provider Cisco 1000 Series Connected Grid Routers (CGR1000 compute module) CSCvv84554 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554\"] 15.9(3)M4 (Jul 2021) Cisco IR800 Integrated Services Router (Guest OS) CSCvv84553 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553\"] 15.9(3)M4 (Jul 2021) Cisco Wireless Gateway for LoRaWAN CSCvw00914 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914\"] 2.1.0.3 (Mar 2021) Meraki Products Cisco Meraki MR (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MS (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MV (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MX (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki Z-Series (all models) N/A Release no. TBD (Aug 2021) Routing and Switching - Small Business Cisco RV042 Dual WAN VPN Router CSCvv83789 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789\"] None planned Cisco RV042G Dual Gigabit WAN VPN Router CSCvv83789 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789\"] None planned Cisco RV160x VPN Router CSCvv83787 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787\"] 1.0.02.x (Mar 2021) Cisco RV260x VPN Router CSCvv83788 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788\"] 1.0.02.x (Mar 2021) Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router CSCvv83239 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239\"] 1.0.04.x (Mar 2021) Cisco Small Business RV Series RV110W Wireless-N VPN Firewall CSCvv83235 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235\"] None planned Cisco Small Business RV Series RV215W Wireless-N VPN Router CSCvv83237 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237\"] None planned Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router CSCvv83238 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238\"] None planned Cisco Small Business RV Series RV325 Dual WAN VPN Router CSCvv83816 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816\"] None planned Cisco Small Business RV130 Series VPN Routers CSCvv83791 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791\"] None planned Cisco Small Business RV130 VPN Router CSCvv83236 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236\"] None planned Unified Computing Cisco Enterprise NFV Infrastructure Software (NFVIS) CSCvw00975 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975\"] 4.5 (Mar 2021) Voice and Unified Communications Devices Cisco IP Conference Phone 7832 CSCvv83246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246\"] 14.0 (Mar 2021) Cisco IP Conference Phone 8832 CSCvv83250 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250\"] 14.0 (Mar 2021) Cisco IP Phone 6800 Series with Multiplatform Firmware CSCvv83248 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248\"] 11.3.4 (Jun 2021) Cisco IP Phone 6821 with Multiplatform Firmware CSCvw00982 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982\"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series with Multiplatform Firmware CSCvv83243 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243\"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series CSCvv83249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249\"] 14.0 (Mar 2021) Cisco IP Phone 8800 Series with Multiplatform Firmware CSCvv83242 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242\"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series CSCvv83242 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242\"] 14.0 (Mar 2021) Cisco IP Phone 8865 CSCvv83245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245\"] 14.0 (Mar 2021) Cisco SPA112 2-Port Phone Adapter CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco SPA122 Analog Telephone Adapter (ATA) with Router CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco Unified IP Phone 9951 CSCvv83247 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247\"]\r\nNone planned Cisco Unified IP Phone 9971 CSCvv83247 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247\"]\r\nNone planned Cisco Wireless IP Phone 8821 CSCvw00918 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918\"] 11.0(6)SR1 (Apr 2021) Video, Streaming, TelePresence, and Transcoding Devices Cisco Expressway Series CSCvv83227 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227\"] X12.7.1 Cisco TelePresence Video Communication Server (VCS) CSCvv83227 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227\"] X12.7.1 Cisco Cloud Hosted Services Cisco IP Phone 6800 Series CSCvw01205 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205\"] 11.3.4 (Jun 2021) Cisco Spark Calling CSCvw00907 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907\"] X12.7.1 (Feb 2021) Cisco Webex Teams (formerly Cisco Spark) CSCvv83214 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214\"] None planned Cisco Webex Room Phone CSCvv87082 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082\"] 1.2(0)SR1 (Aug 2021)", "title": "Vulnerable Products" }, { "category": "general", "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco products that do not offer DNS server capabilities are not affected by these vulnerabilities. Cisco has also confirmed that Cisco IOS XE Software is not affected by any of these vulnerabilities.\r\n\r\nAt the time of publication, no Cisco products were found to be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687", "title": "Products Confirmed Not Vulnerable" }, { "category": "general", "text": "Remote Code Execution and Denial of Service Vulnerabilities\r\n\r\nMultiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerabilities are due to improper memory management when the affected software processes DNS packets with DNSSEC data. An attacker could exploit these vulnerabilities by sending malicious DNS packets to be processed by the affected device.\r\n\r\nWhen these packets are processed, an exploitable overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the underlying dnsmasq software or cause DoS condition on the affected device.\r\n\r\nThese vulnerabilities affect dnsmasq installations that match all of the following criteria:\r\n\r\nInclude a vulnerable release of dnsmasq\r\nCapable of acting as a DNS server\r\nCapable of validating DNSSEC data\r\n\r\nThese vulnerabilities have been assigned the following CVE IDs:\r\n\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687\r\n\r\nAt the time of this investigation, no Cisco products have been found to be affected by these vulnerabilities.\r\n\r\nDNS Cache Poisoning Attacks\r\n\r\nMultiple weaknesses in the DNS server functionality of dnsmasq could allow an unauthenticated, remote attacker to more easily forge DNS answers that can poison DNS caches.\r\n\r\nEach weakness results in dnsmasq accepting DNS answers based on checks that are performed on an amount of entropy that is lower than what is mandated by RFC 5452. The combination of these weaknesses would allow an attacker to mount a successful DNS cache poisoning attack with low traffic requirements.\r\n\r\nThese weaknesses affect dnsmasq installations that match all of the following criteria:\r\n\r\nInclude a vulnerable release of dnsmasq\r\nCapable of acting as a DNS server\r\nCapable of caching DNS responses\r\n\r\nThese weaknesses have been assigned the following CVE IDs:\r\n\r\nCVE-2020-25684\r\nCVE-2020-25685\r\nCVE-2020-25686\r\n\r\nMultiple Cisco products have been found to be susceptible to DNS cache poisoning attacks.", "title": "Details" }, { "category": "general", "text": "Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.", "title": "Workarounds" }, { "category": "general", "text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.", "title": "Fixed Software" }, { "category": "general", "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", "title": "Vulnerability Policy" }, { "category": "general", "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nCisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.", "title": "Exploitation and Public Announcements" }, { "category": "general", "text": "Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC.", "title": "Source" }, { "category": "legal_disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", "title": "Legal Disclaimer" } ], "publisher": { "category": "vendor", "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.", "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", "name": "Cisco", "namespace": "https://wwww.cisco.com" }, "references": [ { "category": "self", "summary": "Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g" }, { "category": "external", "summary": "Cisco Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g" }, { "category": "external", "summary": "Cisco\u0026nbsp;Bug Search Tool", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754" }, { "category": "external", "summary": "CSCvv83241", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241" }, { "category": "external", "summary": "CSCvv84554", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554" }, { "category": "external", "summary": "CSCvv84553", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553" }, { "category": "external", "summary": "CSCvw00914", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914" }, { "category": "external", "summary": "CSCvv83789", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789" }, { "category": "external", "summary": "CSCvv83789", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789" }, { "category": "external", "summary": "CSCvv83787", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787" }, { "category": "external", "summary": "CSCvv83788", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788" }, { "category": "external", "summary": "CSCvv83239", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239" }, { "category": "external", "summary": "CSCvv83235", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235" }, { "category": "external", "summary": "CSCvv83237", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237" }, { "category": "external", "summary": "CSCvv83238", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238" }, { "category": "external", "summary": "CSCvv83816", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816" }, { "category": "external", "summary": "CSCvv83791", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791" }, { "category": "external", "summary": "CSCvv83236", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236" }, { "category": "external", "summary": "CSCvw00975", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975" }, { "category": "external", "summary": "CSCvv83246", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246" }, { "category": "external", "summary": "CSCvv83250", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250" }, { "category": "external", "summary": "CSCvv83248", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248" }, { "category": "external", "summary": "CSCvw00982", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982" }, { "category": "external", "summary": "CSCvv83243", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243" }, { "category": "external", "summary": "CSCvv83249", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249" }, { "category": "external", "summary": "CSCvv83242", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242" }, { "category": "external", "summary": "CSCvv83242", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242" }, { "category": "external", "summary": "CSCvv83245", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245" }, { "category": "external", "summary": "CSCvv83234", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234" }, { "category": "external", "summary": "CSCvv83234", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234" }, { "category": "external", "summary": "CSCvv83234", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234" }, { "category": "external", "summary": "CSCvv83247", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247" }, { "category": "external", "summary": "CSCvv83247", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247" }, { "category": "external", "summary": "CSCvw00918", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918" }, { "category": "external", "summary": "CSCvv83227", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227" }, { "category": "external", "summary": "CSCvv83227", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227" }, { "category": "external", "summary": "CSCvw01205", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205" }, { "category": "external", "summary": "CSCvw00907", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907" }, { "category": "external", "summary": "CSCvv83214", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214" }, { "category": "external", "summary": "CSCvv87082", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082" }, { "category": "external", "summary": "fixed software releases", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "Vulnerable Products", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp" }, { "category": "external", "summary": "considering software upgrades", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "Cisco\u0026nbsp;Security Advisories page", "url": "https://www.cisco.com/go/psirt" }, { "category": "external", "summary": "Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" } ], "title": "Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021", "tracking": { "current_release_date": "2021-08-30T17:24:42+00:00", "generator": { "date": "2022-10-22T03:10:44+00:00", "engine": { "name": "TVCE" } }, "id": "cisco-sa-dnsmasq-dns-2021-c5mrdf3g", "initial_release_date": "2021-01-19T12:15:00+00:00", "revision_history": [ { "date": "2021-01-19T12:05:02+00:00", "number": "1.0.0", "summary": "Initial public release." }, { "date": "2021-02-02T17:34:33+00:00", "number": "1.1.0", "summary": "Updated fixed release availability information for Cisco Meraki devices, Cisco Access Points, Cisco IR800 Integrated Services Router, and Cisco 1000 Series Connected Grid Routers." }, { "date": "2021-03-09T12:32:04+00:00", "number": "1.2.0", "summary": "Updated fixed release availability information." }, { "date": "2021-04-26T12:02:10+00:00", "number": "1.3.0", "summary": "Updated list of products confirmed not vulnerable. Removed list of products under investigation." }, { "date": "2021-08-30T17:24:42+00:00", "number": "1.4.0", "summary": "Updated Webex Room Phone fixed release." } ], "status": "final", "version": "1.4.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_family", "name": "Cisco NX-OS Software", "product": { "name": "Cisco NX-OS Software ", "product_id": "CSAFPID-80720" } }, { "category": "product_family", "name": "Cisco Identity Services Engine Software", "product": { "name": "Cisco Identity Services Engine Software ", "product_id": "CSAFPID-111903" } }, { "category": "product_family", "name": "Cisco TelePresence Video Communication Server (VCS) Expressway", "product": { "name": "Cisco TelePresence Video Communication Server (VCS) Expressway ", "product_id": "CSAFPID-209614" } }, { "category": "product_family", "name": "Cisco Session Initiation Protocol (SIP) Software", "product": { "name": "Cisco Session Initiation Protocol (SIP) Software ", "product_id": "CSAFPID-277608" } } ], "category": "vendor", "name": "Cisco" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25683", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" }, { "system_name": "Cisco Bug ID", "text": "CSCvx17339" }, { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" }, { "system_name": "Cisco Bug ID", "text": "CSCvw00918" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-80720", "CSAFPID-209614", "CSAFPID-111903", "CSAFPID-277608" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-80720", "CSAFPID-209614", "CSAFPID-111903", "CSAFPID-277608" ] } ], "title": "vuln-CVE-2020-25683" }, { "cve": "CVE-2020-25687", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvv83232" }, { "system_name": "Cisco Bug ID", "text": "CSCvx17339" }, { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" }, { "system_name": "Cisco Bug ID", "text": "CSCvw00918" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-111903", "CSAFPID-209614", "CSAFPID-80720", "CSAFPID-277608" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-111903", "CSAFPID-209614", "CSAFPID-80720", "CSAFPID-277608" ] } ], "title": "vuln-CVE-2020-25687" }, { "cve": "CVE-2020-25681", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" }, { "system_name": "Cisco Bug ID", "text": "CSCvw00918" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-209614", "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-111903" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-209614", "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-111903" ] } ], "title": "vuln-CVE-2020-25681" }, { "cve": "CVE-2020-25682", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvw00918" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-209614", "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-209614", "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720" ] } ], "title": "vuln-CVE-2020-25682" }, { "cve": "CVE-2020-25686", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvw00918" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" }, { "system_name": "Cisco Bug ID", "text": "CSCvx17339" }, { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-277608", "CSAFPID-80720", "CSAFPID-209614", "CSAFPID-111903" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-277608", "CSAFPID-80720", "CSAFPID-209614", "CSAFPID-111903" ] } ], "title": "vuln-CVE-2020-25686" }, { "cve": "CVE-2020-25685", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvx20637" }, { "system_name": "Cisco Bug ID", "text": "CSCvw00918" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-209614", "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-209614", "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720" ] } ], "title": "vuln-CVE-2020-25685" }, { "cve": "CVE-2020-25684", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvw00918" }, { "system_name": "Cisco Bug ID", "text": "CSCvv83232" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66581" }, { "system_name": "Cisco Bug ID", "text": "CSCvx66584" }, { "system_name": "Cisco Bug ID", "text": "CSCvx20637" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720", "CSAFPID-209614" ] }, "release_date": "2021-01-19T12:15:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-80720", "CSAFPID-277608", "CSAFPID-209614", "CSAFPID-111903" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-277608", "CSAFPID-111903", "CSAFPID-80720", "CSAFPID-209614" ] } ], "title": "Multiple Vulnerabilities in dnsmasq DNS server affecting Cisco Products: January 2021" } ] }
gsd-2020-25683
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-25683", "description": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "id": "GSD-2020-25683", "references": [ "https://www.suse.com/security/cve/CVE-2020-25683.html", "https://www.debian.org/security/2021/dsa-4844", "https://access.redhat.com/errata/RHSA-2021:0152", "https://access.redhat.com/errata/RHSA-2021:0151", "https://access.redhat.com/errata/RHSA-2021:0150", "https://ubuntu.com/security/CVE-2020-25683", "https://advisories.mageia.org/CVE-2020-25683.html", "https://security.archlinux.org/CVE-2020-25683", "https://linux.oracle.com/cve/CVE-2020-25683.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-25683" ], "details": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "id": "GSD-2020-25683", "modified": "2023-12-13T01:21:56.840883Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "dnsmasq", "version": { "version_data": [ { "version_value": "dnsmasq 2.83" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jsof-tech.com/disclosures/dnspooq/", "refsource": "MISC", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "name": "FEDORA-2021-84440e87ba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/" }, { "name": "GLSA-202101-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-17" }, { "name": "DSA-4844", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4844" }, { "name": "FEDORA-2021-2e4c3d5a9d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/" }, { "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.83", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25683" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018" }, { "name": "https://www.jsof-tech.com/disclosures/dnspooq/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "name": "FEDORA-2021-84440e87ba", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/" }, { "name": "GLSA-202101-17", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-17" }, { "name": "DSA-4844", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4844" }, { "name": "FEDORA-2021-2e4c3d5a9d", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/" }, { "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } }, "lastModifiedDate": "2021-03-26T18:36Z", "publishedDate": "2021-01-20T16:15Z" } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.