CVE-2020-25684

Name
CVE-2020-25684
Description
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1889686
Third Party Advisory https://www.jsof-tech.com/disclosures/dnspooq/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
Third Party Advisory https://security.gentoo.org/glsa/202101-17
Third Party Advisory https://www.debian.org/security/2021/dsa-4844
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* dnsmasq >= None < 2.83

Vulnerable and fixed packages

Source package Branch Version Maintainer Status