Multiple vulnerabilities in Dnsmasq



Published: 2021-01-20
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687
CWE-ID CWE-122
CWE-345
CWE-327
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
Dnsmasq
Server applications / DNS servers

Vendor

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU49840

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25681

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "sort_rrset()" when DNSSEC is used. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU49841

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25682

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "extract_name()" function when DNSSEC is enabled. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU49842

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25683

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in rfc1035.c:extract_name(). A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insufficient verification of data authenticity

EUVDB-ID: #VU49843

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25684

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of proper address/port check within the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU49844

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25685

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of query resource name (RRNAME) checks in the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient verification of data authenticity

EUVDB-ID: #VU49845

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25686

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected software does not check for an existing pending request for the same name and forwards a new request. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU49846

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25687

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in rfc1035.c:extract_name(). A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dnsmasq: before 2.83


CPE2.3 External links

http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###