Vulnerability CVE-2021-3448: Information
Description
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network who is able to find the outgoing port used by dnsmasq only needs to guess the random transaction ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS cache poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Severity: MEDIUM (4.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
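A configuration check for the condition described above, as an added example that is not part of the advisory or of dnsmasq: it lists `server=` lines that bind an upstream to an interface (the `server=<addr>@<interface>` form from the dnsmasq manual) when the installed version predates 2.85. The function names and the sample configuration are assumptions made for illustration; source-address bindings, which use the same `@` position, are listed too so they can be reviewed.

```python
import ipaddress
import re

FIXED_IN = (2, 85)  # advisory: dnsmasq versions before 2.85 are affected
# server=[/domain/...]addr[#port][@binding]; group 1 is what follows the selector
SERVER_RE = re.compile(r"^\s*server\s*=\s*(?:/\S*/)?(\S*)")

def parse_version(text):
    """Return (major, minor) from '2.84' or a package version like '2.85-alt1'."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised dnsmasq version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def bound_servers(conf_text):
    """Return (line_no, upstream, binding, kind) for each server= line with '@'."""
    found = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = SERVER_RE.match(line)
        if not m:
            continue  # comments and unrelated options
        upstream, _, binding = m.group(1).partition("@")
        if not binding:
            continue  # upstream without an interface or address binding
        try:
            ipaddress.ip_address(binding.split("#")[0])
            kind = "source-address"
        except ValueError:
            kind = "interface"  # the case the advisory text describes
        found.append((no, upstream, binding, kind))
    return found

def audit(version, conf_text):
    """Bindings to review if the version predates the fix, else an empty list."""
    if parse_version(version) >= FIXED_IN:
        return []
    return bound_servers(conf_text)

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
server=9.9.9.9
server=192.0.2.53@eth1
server=/corp.example/198.51.100.10#5353@vpn0
server=192.0.2.54@203.0.113.7
#server=192.0.2.99@eth9
"""

if __name__ == "__main__":
    for finding in audit("2.84", SAMPLE_CONF):
        print(finding)
```

The version comparison uses the upstream major and minor numbers only, so a distribution package that backports the fix to an older version would still be reported.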
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
dnsmasq | sisyphus | 2.85-alt1 | 2.90-alt1 | ALT-PU-2021-1622-1 | 269273 | Fixed |
dnsmasq | p10 | 2.85-alt1 | 2.90-alt1 | ALT-PU-2021-1622-1 | 269273 | Fixed |
dnsmasq | p9 | 2.85-alt1 | 2.85-alt2.p9.1 | ALT-PU-2021-1638-1 | 269274 | Fixed |
dnsmasq | c10f1 | 2.85-alt1 | 2.90-alt1 | ALT-PU-2021-1622-1 | 269273 | Fixed |
dnsmasq | c9f2 | 2.85-alt1 | 2.90-alt1 | ALT-PU-2021-1645-1 | 269275 | Fixed |
dnsmasq | p11 | 2.85-alt1 | 2.90-alt1 | ALT-PU-2021-1622-1 | 269273 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1939368 | |
GLSA-202105-20 | |
https://www.oracle.com/security-alerts/cpujan2022.html | |
FEDORA-2021-62a5062b2d | |
FEDORA-2021-9433bedebd | |
FEDORA-2021-5cd2571751 | |