var-201303-0197
Vulnerability from variot
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. Dnsmasq is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial-of-service conditions through a large stream of spoofed DNS queries. Dnsmasq versions 2.62 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2013:072 http://www.mandriva.com/en/support/security/
Package : dnsmasq Date : April 8, 2013 Affected: Business Server 1.0
Problem Description:
Updated dnsmasq packages fix security vulnerabilities:
When dnsmasq before 2.63 is used in conjunctions with certain configurations of libvirtd, network packets from prohibited networks (e.g. packets that should not be passed in) may be sent to the dnsmasq application and processed. This can result in DNS amplification attacks for example (CVE-2012-3411).
This update adds a new option --bind-dynamic which is immune to this problem.
Updated dnsmasq packages fix security vulnerabilities (CVE-2013-0198):
This update completes the fix for CVE-2012-3411 provided with dnsmasq-2.63.
This update fix these three cases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0198 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0273 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0030
Updated Packages:
Mandriva Business Server 1/X86_64: 89bdd7af8963a0c0e51a52b5b08295b0 mbs1/x86_64/dnsmasq-2.63-1.mbs1.x86_64.rpm 1b45290efb8694734cfa1616b5ef6294 mbs1/x86_64/dnsmasq-base-2.63-1.mbs1.x86_64.rpm 8782b678c40e2c8ccedb39f60e2b6f0d mbs1/SRPMS/dnsmasq-2.63-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRYvSNmqjQ0CJFipgRAmDuAKDqB4WerX13N+7g/zR6iU5C6b8QjACdEdEW koGb8Voa5rhgjjRVCT1ZvBg= =VQ4h -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-24
http://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Denial of Service Date: June 25, 2014 Bugs: #436894, #453170 ID: 201406-24
Synopsis
A vulnerability in Dnsmasq can lead to a Denial of Service condition.
Background
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.66"
References
[ 1 ] CVE-2012-3411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3411 [ 2 ] CVE-2013-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0198
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0197",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.66test2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "1.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.30"
}
],
"sources": [
{
"db": "BID",
"id": "57458"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.65",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Josh Stone",
"sources": [
{
"db": "BID",
"id": "57458"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-0198",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0198",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-396",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. Dnsmasq is prone to multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to cause denial-of-service conditions through a large stream of spoofed DNS queries. \nDnsmasq versions 2.62 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2013:072\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : dnsmasq\n Date : April 8, 2013\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated dnsmasq packages fix security vulnerabilities:\n \n When dnsmasq before 2.63 is used in conjunctions with certain\n configurations of libvirtd, network packets from prohibited networks\n (e.g. packets that should not be passed in) may be sent to the dnsmasq\n application and processed. This can result in DNS amplification\n attacks for example (CVE-2012-3411). \n \n This update adds a new option --bind-dynamic which is immune to\n this problem. \n \n Updated dnsmasq packages fix security vulnerabilities (CVE-2013-0198):\n \n This update completes the fix for CVE-2012-3411 provided with\n dnsmasq-2.63. \n \n This update fix these three cases. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0198\n https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0273\n https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0030\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 89bdd7af8963a0c0e51a52b5b08295b0 mbs1/x86_64/dnsmasq-2.63-1.mbs1.x86_64.rpm\n 1b45290efb8694734cfa1616b5ef6294 mbs1/x86_64/dnsmasq-base-2.63-1.mbs1.x86_64.rpm \n 8782b678c40e2c8ccedb39f60e2b6f0d mbs1/SRPMS/dnsmasq-2.63-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFRYvSNmqjQ0CJFipgRAmDuAKDqB4WerX13N+7g/zR6iU5C6b8QjACdEdEW\nkoGb8Voa5rhgjjRVCT1ZvBg=\n=VQ4h\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Denial of Service\n Date: June 25, 2014\n Bugs: #436894, #453170\n ID: 201406-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Dnsmasq can lead to a Denial of Service condition. \n\nBackground\n==========\n\nDnsmasq is a lightweight, easy to configure DNS forwarder and DHCP\nserver. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.66\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-3411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3411\n[ 2 ] CVE-2013-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0198\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "BID",
"id": "57458"
},
{
"db": "PACKETSTORM",
"id": "121148"
},
{
"db": "PACKETSTORM",
"id": "127218"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0198",
"trust": 2.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/01/18/7",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/01/18/2",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396",
"trust": 0.6
},
{
"db": "BID",
"id": "57458",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "121148",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127218",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "57458"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "PACKETSTORM",
"id": "121148"
},
{
"db": "PACKETSTORM",
"id": "127218"
},
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"id": "VAR-201303-0197",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-18T11:21:49.952000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 894486",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894486"
},
{
"title": "MDVSA-2013:072",
"trust": 0.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:072"
},
{
"title": "Correct behaviour for TCP queries to allowed address via banned interface. v2.66test12",
"trust": 0.8,
"url": "http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=22ce550e5346947a12a781ed0959a7b1165d0dc6"
},
{
"title": "dnsmasq-2.66test2",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=45660"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894486"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:072"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2013/01/18/2"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2013/01/18/7"
},
{
"trust": 1.6,
"url": "http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commitdiff%3bh=22ce550e5346947a12a781ed0959a7b1165d0dc6"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0198"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0198"
},
{
"trust": 0.6,
"url": "http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=22ce550e5346947a12a781ed0959a7b1165d0dc6"
},
{
"trust": 0.3,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0198"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3411"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "https://wiki.mageia.org/en/support/advisories/mgasa-2013-0030"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3411"
},
{
"trust": 0.1,
"url": "https://wiki.mageia.org/en/support/advisories/mgasa-2012-0273"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3411"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0198"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-24.xml"
}
],
"sources": [
{
"db": "BID",
"id": "57458"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "PACKETSTORM",
"id": "121148"
},
{
"db": "PACKETSTORM",
"id": "127218"
},
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "57458"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"db": "PACKETSTORM",
"id": "121148"
},
{
"db": "PACKETSTORM",
"id": "127218"
},
{
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-11T00:00:00",
"db": "BID",
"id": "57458"
},
{
"date": "2013-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"date": "2013-04-08T21:29:19",
"db": "PACKETSTORM",
"id": "121148"
},
{
"date": "2014-06-25T22:49:52",
"db": "PACKETSTORM",
"id": "127218"
},
{
"date": "2013-03-05T21:38:54.827000",
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"date": "2013-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T20:39:00",
"db": "BID",
"id": "57458"
},
{
"date": "2013-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001751"
},
{
"date": "2023-11-07T02:13:46.600000",
"db": "NVD",
"id": "CVE-2013-0198"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq Service disruption in ( Traffic amplification ) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-396"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.