|
Dnsmasq DHCP Lease File Denial of Service and DNS Cache Poisoning
|
|
Secunia Advisory:
|
SA14691
|
|
|
Release Date:
|
2005-03-25
|
|
Last Update:
|
2005-03-30
|
|
Popularity:
|
9,479 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Spoofing
Manipulation of data
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Dnsmasq 2.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Two vulnerabilities have been reported in Dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) or poison the DNS cache.
1) An off-by-one boundary error when reading the DHCP lease file can be exploited by a malicious DHCP client to cause a buffer overflow by supplying an overly long hostname and client-id.
Successful exploitation crashes Dnsmasq the next time it is started.
2) When receiving DNS replies, only the 16-bit ID is checked against the current query. This can be exploited to poison the DNS cache if a valid ID (randomly generated) is guessed by e.g. sending a flood of DNS replies.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
