CVE-2021-3448
Published 2021-04-08
Priority P4 · 23 · medium · 4 · CVSS 3.1
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 1.99% (78.1th percentile)
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
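An added configuration audit (not part of any advisory quoted here or of dnsmasq itself): it flags `server=` lines that bind an upstream to an interface name, the setup the description refers to, when the reported version is before 2.85. The `@<interface>` / `@<source-ip>` suffix handling follows the `--server` syntax in the dnsmasq manual; the sample config, addresses and function names are constructed.

```python
import ipaddress
import re

FIXED_VERSION = (2, 85)  # per the advisory: versions before 2.85 are affected

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# upstream resolvers
server=192.0.2.53
server=/corp.example/198.51.100.10@eth1
server=203.0.113.7@192.0.2.1
server=2001:db8::53@wg0
#server=192.0.2.99@eth0
"""

def parse_version(text):
    """Turn '2.84' or '2.85-1' into a comparable tuple such as (2, 84)."""
    m = re.match(r"(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised dnsmasq version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def is_ip(token):
    """True if token is an IP literal, ignoring an optional '#port' suffix."""
    try:
        ipaddress.ip_address(token.split("#", 1)[0])
        return True
    except ValueError:
        return False

def interface_bound_servers(conf_text):
    """Return (line_no, interface, line) for server= entries naming an interface."""
    hits = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"(?:--)?server=(\S+)", line)
        if not m:
            continue  # comments, blank lines and unrelated options
        # Parts after the upstream address are '@'-separated; a part that is
        # not an IP literal is treated as an interface name.
        for part in m.group(1).split("@")[1:]:
            if part and not is_ip(part):
                hits.append((no, part, line))
    return hits

def audit(conf_text, version_text):
    """List interface-bound upstreams only when the version predates the fix."""
    exposed = parse_version(version_text) < FIXED_VERSION
    return interface_bound_servers(conf_text) if exposed else []
```

Upstream version numbers do not reflect distribution backports, such as the 2.79-1 build listed for Ubuntu 16.04 ESM, so confirm package status against the vendor advisory before treating a hit as exposed.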
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.85-1 (bookworm) | dnsmasq 2.85-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_dnsmasq_2.85-1_on_cbl_mariner_1.0 | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| redhat | enterprise_linux | — | — |
| thekelleys | dnsmasq | < 2.85 | 2.85 |
| thekelleys | dnsmasq | — | — |
| thekelleys | dnsmasq | >= 0 < 2.85-1 | 2.85-1 |
| thekelleys | dnsmasq | >= 0 < 2.85-1 | 2.85-1 |
| thekelleys | dnsmasq | >= 0 < 2.85-1 | 2.85-1 |
| thekelleys | dnsmasq | >= 0 < 2.85-1 | 2.85-1 |
CVSS provenance
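| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.0 | MEDIUM | |
| vendor_debian | | 4.0 | MEDIUM | |
| vendor_msrc | | 4.0 | MEDIUM | |
| vendor_oracle | | 4.0 | MEDIUM | |
| vendor_redhat | | 4.0 | MEDIUM | |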
Ubuntu
Dnsmasq vulnerability
vendor_ubuntu·2022-09-07
CVE-2021-3448 Dnsmasq vulnerability
Title: Dnsmasq vulnerability
Summary: Dnsmasq could be exposed to cache poisoning.
USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix
some security issues.
Original advisory details:
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in
certain configurations. A remote attacker could possibly use this issue to
facilitate DNS cache poisoning attacks.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Oracle
Oracle Communications Risk Matrix: Configuration (dnsmasq) — CVE-2021-3448
vendor_oracle·2022-01-15·CVSS 4.0
CVE-2021-3448 [MEDIUM] Oracle Communications Risk Matrix: Configuration (dnsmasq) vulnerability
CVE: CVE-2021-3448
CVSS: 4.0
Protocol: TCP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2022 (JAN 2022)
Ubuntu
Dnsmasq vulnerability
vendor_ubuntu·2021-06-02
CVE-2021-3448 Dnsmasq vulnerability
Title: Dnsmasq vulnerability
Summary: Dnsmasq could be exposed to cache poisoning.
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in
certain configurations. A remote attacker could possibly use this issue to
facilitate DNS cache poisoning attacks.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Microsoft
vendor_msrc·2021-04-13·CVSS 4.0
CVE-2021-3448 [MEDIUM] CWE-358
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface dnsmasq uses a fixed port while forwarding queries. An attacker on the network able to find the outgoing port used by dnsmasq only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open so
Red Hat
dnsmasq: fixed outgoing port used when --server is used with an interface name
vendor_redhat·2021-03-12·CVSS 4.0
CVE-2021-3448 [MEDIUM] CWE-358 dnsmasq: fixed outgoing port used when --server is used with an interface name
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Debian
CVE-2021-3448: dnsmasq
vendor_debian·2021·CVSS 4.0
CVE-2021-3448 [MEDIUM] dnsmasq
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Scope: local
bookworm: resolved (fixed in 2.85-1)
bullseye: resolved (fixed in 2.85-1)
forky: resolved (fixed in 2.85-1)
sid: resolved (fixed in 2.85-1)
trixie: resolved (fixed in 2.85-1)
GHSA
GHSA-vvf4-c8p4-89v5
ghsa_unreviewed·2022-05-24
CVE-2021-3448 [MEDIUM] CWE-358 GHSA-vvf4-c8p4-89v5
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
OSV
CVE-2021-3448
osv·2021-04-08·CVSS 4.0
CVE-2021-3448 [MEDIUM]
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1939368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/
https://security.gentoo.org/glsa/202105-20
https://www.oracle.com/security-alerts/cpujan2022.html