CVE-2017-15107 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Insufficient validation |
Description | A vulnerability was found in Dnsmasq's implementation of DNSSEC before 2.79. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-592 | dnsmasq | 2.78-1 | 2.78-2 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
30 Jan 2018 | ASA-201801-32 | AVG-592 | dnsmasq | Medium | insufficient validation |
References |
---|
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html |
Notes |
---|
Requires DNSSEC support to be vulnerable |