PT-2013-1604 · Dnsmasq+3 · Dnsmasq+3

David Woodhouse

Publicado

2013-02-20

Atualizado

2023-02-13

CVE-2012-3411

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Dnsmasq versions prior to 2.63test1

Description The issue allows remote attackers to cause a denial of service, specifically through traffic amplification, by sending a spoofed DNS query. This occurs when Dnsmasq is used with certain configurations in libvirt and responds to requests from prohibited interfaces.

Recommendations For versions prior to 2.63test1, update to version 2.63test1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DNS service to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2013_0276

CESA-2013_0277

CVE-2012-3411

RHSA-2013:0276

RHSA-2013:0277

RHSA-2013:0579

RHSA-2013_0276

RHSA-2013_0277

Produtos afetados

Centos

Dnsmasq

Red Hat

Libvirt

PT-2013-1604 · Dnsmasq+3 · Dnsmasq+3

CVE-2012-3411

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39