CVE-2012-3411
Published 2013-03-05
Priority P4 · 25 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 5.03% (91.2th percentile)
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.66-1 (bookworm) | dnsmasq 2.66-1 (bookworm) |
| debian | dnsmasq | < dnsmasq 2.63-1 (bookworm) | dnsmasq 2.63-1 (bookworm) |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| thekelleys | dnsmasq | <= 2.62 | — |
| thekelleys | dnsmasq | <= 2.65 | — |
| thekelleys | dnsmasq | >= 0 < 2.63-1 | 2.63-1 |
| thekelleys | dnsmasq | >= 0 < 2.66-1 | 2.66-1 |
| thekelleys | dnsmasq | >= 0 < 2.63-1 | 2.63-1 |
| thekelleys | dnsmasq | >= 0 < 2.66-1 | 2.66-1 |
| thekelleys | dnsmasq | >= 0 < 2.63-1 | 2.63-1 |
| thekelleys | dnsmasq | >= 0 < 2.66-1 | 2.66-1 |
| thekelleys | dnsmasq | >= 0 < 2.63-1 | 2.63-1 |
| thekelleys | dnsmasq | >= 0 < 2.66-1 | 2.66-1 |
CVSS provenance
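| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |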
Juniper
CVE-2014-3411 [CRITICAL]
vendor_juniper · 2014-05-19 · CVSS 10.0
Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
Red Hat
CVE-2013-0198 [MEDIUM] dnsmasq: Incomplete fix for the CVE-2012-3411 issue
vendor_redhat · 2013-01-11 · CVSS 5.0
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
Statement: Not vulnerable. This issue did not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5 and 6.
Package: dnsmasq (Red Hat Enterprise Linux 5) - Not affected
Package: dnsmasq (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2013-0198 [MEDIUM] dnsmasq
vendor_debian · 2013 · CVSS 5.0
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
Scope: local
bookworm: resolved (fixed in 2.66-1)
bullseye: resolved (fixed in 2.66-1)
forky: resolved (fixed in 2.66-1)
sid: resolved (fixed in 2.66-1)
trixie: resolved (fixed in 2.66-1)
Red Hat
CVE-2012-3411 [MEDIUM] libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks
vendor_redhat · 2012-07-09 · CVSS 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Package: dnsmasq (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2012-3411 [MEDIUM] dnsmasq
vendor_debian · 2012 · CVSS 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Scope: local
bookworm: resolved (fixed in 2.63-1)
bullseye: resolved (fixed in 2.63-1)
forky: resolved (fixed in 2.63-1)
sid: resolved (fixed in 2.63-1)
trixie: resolved (fixed in 2.63-1)
GHSA
GHSA-gj79-j4q7-5h4x: CVE-2012-3411 [MEDIUM] CWE-20
ghsa_unreviewed · 2022-05-13
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
GHSA
GHSA-3pxx-76hx-4rw2: CVE-2013-0198 [MEDIUM] CWE-20
ghsa_unreviewed · 2022-05-05 · CVSS 5.0
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
OSV
CVE-2012-3411 [MEDIUM]
osv · 2013-03-05 · CVSS 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
OSV
CVE-2013-0198 [MEDIUM]
osv · 2013-03-05 · CVSS 5.0
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-0198 [MEDIUM] dnsmasq: Incomplete fix for the CVE-2012-3411 issue [fedora-all]
bugzilla · 2013-01-18 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue af
Bugzilla
CVE-2013-0198 [MEDIUM] dnsmasq: Incomplete fix for the CVE-2012-3411 issue
bugzilla · 2013-01-11 · CVSS 5.0
Description of problem:
On my workstation, as a virtual machine host, I have NetworkManager's dnsmasq configured to forward DNS queries for a local domain to 192.168.122.1, so I can resolve those to virtual machine DHCP hostnames. Recently this stopped working.
With manual dig commands, I found that TCP queries still work, but UDP doesn't. For example, in libvirt I have a statically defined name "vhost" to 192.168.122.1 itself. From the host, the command "dig +short +tcp @192.168.122.1 vhost" resolves that just fine. But "dig +short +notcp @192.168.122.1 vhost" says "connection timed out; no servers could be reached". From a guest, +tcp and +notcp both work fine.
Version-Release number of selected component (if applicable
Bugzilla
CVE-2012-3411 [MEDIUM] libvirt needs to use new dnsmasq option to avoid open DNS proxy [fedora-all]
bugzilla · 2012-11-30 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: t
Bugzilla
CVE-2012-3411 [MEDIUM] libvirt needs to use new dnsmasq option to avoid open DNS proxy
bugzilla · 2012-11-08 · CVSS 5.0
Reposting the relevant portions as a non-private comment:
...
Yes, I think libvirt needs to be patched to use the new "--bind-dynamic" option.
...
Aha, this works better:
/sbin/dnsmasq --strict-order --bind-dynamic --local=// --domain-needed --pid-file=/var/run/libvirt/network/net3.pid --conf-file= --interface virbr1 --dhcp-range XXXXX --dhcp-leasefile=/var/lib/libvirt/dnsmasq/net3.leases --dhcp-lease-max=13 --dhcp-no-override --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/net3.hostsfile --addn-hosts=/var/lib/libvirt/dnsmasq/net3.addnhosts
That is, I have to use '--interface virbr1' instead of '--except-interface lo --listen-address 90.155.50.33'.
It still accepts requests received from lo, which confused me momen
Bugzilla
CVE-2012-3411 [MEDIUM] dnsmasq: When run under libvirt open DNS proxy (reachable also out of the virtual network set for the guest domain) is created [fedora-all]
bugzilla · 2012-07-09 · CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi updat
Bugzilla
CVE-2012-3411 [MEDIUM] libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks
bugzilla · 2012-06-18 · CVSS 5.0
I just found my home ADSL line under "attack" with a constant stream of spoofed DNS queries which produce large results, such as 'ANY' requests for 'ripe.net'.
I was surprised to find that my machine was actually *responding* to these queries.
I have libvirt configured to give a range of public IP addresses to its guests. The target of the attack was the host's IP address on that subnet, 81.187.2.161.
It seems that your dnsmasq instance is listening on that address, but *not* correctly discarding packets which come from a different interface. Even though the --bind-interface option is set.
This is the command line:
/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/net
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext · 2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
http://rhn.redhat.com/errata/RHSA-2013-0276.html
http://rhn.redhat.com/errata/RHSA-2013-0277.html
http://rhn.redhat.com/errata/RHSA-2013-0579.html
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
http://www.mandriva.com/security/advisories?name=MDVSA-2013:072
http://www.openwall.com/lists/oss-security/2012/07/12/5
http://www.securityfocus.com/bid/54353
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
https://bugzilla.redhat.com/show_bug.cgi?id=833033