Use of a broken or risky cryptographic algorithm in Dnsmasq

#VU49844 Use of a broken or risky cryptographic algorithm in Dnsmasq

Published: 2021-01-24

Vulnerability identifier: #VU49844

Vulnerability risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25685

CWE-ID: CWE-327

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Dnsmasq
Server applications / DNS servers

Vendor:

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of query resource name (RRNAME) checks in the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://ics-cert.us-cert.gov/advisories/icsa-21-019-01
http://www.jsof-tech.com/disclosures/dnspooq/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)

Moxa AWK-3131A/4131A/1137C/1131A devices update for dnsmasq

Multiple vulnerabilities in QNAP QTS, QuTS hero and QuTScloud

Multiple dnsmasq vulnerabilities in F5 F5OS

Multiple vulnerabilities in dnsmasq implementation in Aruba products

Ubuntu update for dnsmasq

Slackware Linux update for dnsmasq

Debian update for dnsmasq

Multiple vulnerabilities in Red Hat Virtualization for RHEL 8

Red Hat Virtualization update for redhat-virtualization-host