ID

VAR-202101-0220

CVE

CVE-2020-25684

TITLE

Dnsmasq is vulnerable to memory corruption and cache poisoning

DESCRIPTION

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.CVE-2020-25681 Not Affected CVE-2020-25682 Not Affected CVE-2020-25683 Not Affected CVE-2020-25684 Affected CVE-2020-25685 Affected CVE-2020-25686 Affected CVE-2020-25687 Not AffectedCVE-2020-25681 Not Affected CVE-2020-25682 Not Affected CVE-2020-25683 Not Affected CVE-2020-25684 Affected CVE-2020-25685 Affected CVE-2020-25686 Affected CVE-2020-25687 Not Affected. dnsmasq There is a security check vulnerability in.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. For the stable distribution (buster), these problems have been fixed in version 2.80-1+deb10u1. For the detailed security status of dnsmasq please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dnsmasq Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV nWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K IC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c YS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC AgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf yfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q qtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q== =j5Ka -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security update Advisory ID: RHSA-2021:0240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0240 Issue date: 2021-01-25 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 ==================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 3. Security Fix(es): * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: dnsmasq-2.66-14.el7_2.3.src.rpm x86_64: dnsmasq-2.66-14.el7_2.3.x86_64.rpm dnsmasq-debuginfo-2.66-14.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: dnsmasq-debuginfo-2.66-14.el7_2.3.x86_64.rpm dnsmasq-utils-2.66-14.el7_2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYA7UVtzjgjWX9erEAQi76RAAgT6h7h34shWvBegp7irDxHHbsozWD3tl D6+hJqD+/NWTgG3zmsJJrdauceSTcdfTlNKLTg4NaJlRu7nloIlTVN5bnZ2NGxIZ t8wVjZrdGpp2IS5WqCkL7D4LWDcSC/CFRJvRcQBbQVWDq4p2vQcrRdfNBzSfjVj3 SRvXXfHKoZpR/Vc3FUfnn8zT0SUPGBYKX8fXuSIT6pQWtyB5kMdSx21Ehzw27eTr lRq/cqPLGpATU+yOc6dP0F1v7dObmUPOFQn3gkAsjVxJ2GA6jnp0xpA/JpRRdGQI pMfuAH6mLD2PUUDbjEY18B5oQ47VQI48hWhXBvXRXpphJArhiqzNRJlBdtnfdPJY 2n0MdfTbzFcARX/r/cdiKhSDrPVwzR+2JfCs2zcJjhsateQMb+xr6+bFOgkMaTGl 8+MQIG3Xrckw7dRIdK/InChD+c/6LzTccZoyRBwF6ym7M7wT95tkS7tlwR7hro24 DfXWdeQK9BS3+oSCW+HVLl8J6czfcr+DTbhJv3G5Ak/iKI6Eoz/qXSW8NqfJhMxJ bmgg5qVqEaEDXmGcebfa5YGIERYIrCjooSPgzKe6u2utGpUHk/M4+tSTsg3qPclL 6eLbM1Y+XCZDPVnYbynYgaR25J9s1eeEPNQKb+dEZrI0fAoZ7sL8ewypIWNXzg1w CER5JgCFfRs\xadCv -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64 3. Relevant releases/architectures: RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64 3. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable As a workaround, run the following command: `# yum update --releasever=7Server` (BZ#1899378) 4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: January 22, 2021 Bugs: #766126 ID: 202101-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/dnsmasq < 2.83 >= 2.83 Description =========== Multiple vulnerabilities have been discovered in Dnsmasq. Impact ====== An attacker, by sending specially crafted DNS replies, could possibly execute arbitrary code with the privileges of the process, perform a cache poisoning attack or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Dnsmasq users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.83" References ========== [ 1 ] CVE-2020-25681 https://nvd.nist.gov/vuln/detail/CVE-2020-25681 [ 2 ] CVE-2020-25682 https://nvd.nist.gov/vuln/detail/CVE-2020-25682 [ 3 ] CVE-2020-25683 https://nvd.nist.gov/vuln/detail/CVE-2020-25683 [ 4 ] CVE-2020-25684 https://nvd.nist.gov/vuln/detail/CVE-2020-25684 [ 5 ] CVE-2020-25685 https://nvd.nist.gov/vuln/detail/CVE-2020-25685 [ 6 ] CVE-2020-25686 https://nvd.nist.gov/vuln/detail/CVE-2020-25686 [ 7 ] CVE-2020-25687 https://nvd.nist.gov/vuln/detail/CVE-2020-25687 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-17 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

This document was written by Vijay Sarvepalli.Statement Date:   January 04, 2021

SOURCES

LAST UPDATE DATE

2025-09-13T22:12:17.438000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE