PT-2021-9711 · Dnsmasq+1 · Dnsmasq+1

Riccardo Schirone

Published

2020-07-31

Updated

2024-06-15

CVE-2020-14312

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 31

Description A flaw was found in the default configuration of dnsmasq, where it listens on any interface and accepts queries from addresses outside of its local subnet. The option local-service is not enabled, which may inadvertently make it an open resolver accessible from any address on the internet. This allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Recommendations For versions prior to 31, enable the local-service option to prevent dnsmasq from listening on any interface and accepting queries from outside its local subnet. As a temporary workaround, consider restricting access to the dnsmasq service to minimize the risk of exploitation.

Fix

DoS

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2020-14312

MGASA-2020-0310

OESA-2022-1821

OPENSUSE-SU-2021:1426-1

OPENSUSE-SU-2021:3530-1

OPENSUSE-SU-2021_1426-1

OPENSUSE-SU-2021_3530-1

OPENSUSE-SU-2024:11653-1

SUSE-SU-2021:3530-1

SUSE-SU-2021_3530-1

Affected Products

Suse

Dnsmasq

PT-2021-9711 · Dnsmasq+1 · Dnsmasq+1

CVE-2020-14312

Weakness Enumeration

Related Identifiers

Affected Products

References · 28