PT-2021-3539 · Dnsmasq+6 · Dnsmasq+6

Published

2021-01-19

·

Updated

2024-06-15

·

CVE-2020-25685

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.83
Description A flaw in dnsmasq allows an off-path attacker to forge a reply and get it accepted by dnsmasq due to the use of a weak hash (CRC32 or SHA-1) when checking forwarded queries in the reply query() function. This could be abused to perform a DNS Cache Poisoning attack, substantially reducing the number of attempts needed to forge a reply. The highest threat from this issue is to data integrity.
Recommendations For dnsmasq versions prior to 2.83, update to version 2.83 or later to resolve the issue. As a temporary workaround, consider restricting the use of the reply query() function in forward.c to minimize the risk of exploitation. Additionally, avoid using dnsmasq as a DNS server unless necessary, and ensure that any optional configurations allowing the use of the EOS switch as a DNS server are carefully evaluated and secured.

Fix

Inadequate Encryption Strength

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-358

Related Identifiers

ALT-PU-2021-1126
ALT-PU-2021-1167
ALT-PU-2021-1217
BDU:2021-03623
CESA-2021_0150
CESA-2021_0153
CVE-2020-25685
DSA-4844-1
MGASA-2021-0059
OESA-2021-1001
OPENSUSE-SU-2021:0124-1
OPENSUSE-SU-2021:0129-1
OPENSUSE-SU-2021_0124-1
OPENSUSE-SU-2021_0129-1
OPENSUSE-SU-2024:10721-1
RHSA-2021:0150
RHSA-2021:0151
RHSA-2021:0152
RHSA-2021:0153
RHSA-2021:0154
RHSA-2021:0155
RHSA-2021:0156
RHSA-2021:0240
RHSA-2021:0245
RHSA-2021:0395
RHSA-2021:0401
RHSA-2021_0150
RHSA-2021_0153
SUSE-SU-2021:0162-1
SUSE-SU-2021:0163-1
SUSE-SU-2021:0166-1
SUSE-SU-2021:14603-1
SUSE-SU-2021:14604-1
SUSE-SU-2021_14603-1
USN-4698-1
USN-4698-2

Affected Products

Alt Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Dnsmasq