Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-25686 - log back

CVE-2020-25686 edited at 19 Jan 2021 13:02:30

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Insufficient validation

Description

+

A flaw was found when receiving a query, where dnsmasq before version 2.83 does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that would have to be performed to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced.

References

+	https://www.openwall.com/lists/oss-security/2021/01/19/1
+	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html
+	https://www.jsof-tech.com/disclosures/dnspooq/
+	https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=15b60ddf935a531269bb8c68198de012a4967156
+	https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914

Notes

CVE-2020-25686 created at 19 Jan 2021 12:52:46