CVE-2021-3448 - log back

CVE-2021-3448 edited at 07 Apr 2021 21:48:32
References
https://bugzilla.redhat.com/show_bug.cgi?id=1939368
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
+ https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014962.html
CVE-2021-3448 edited at 18 Mar 2021 13:08:46
Description
- A security issue was found in dnsmasq. When configured with --server=<address>@<interface> or similar (e.g. through dbus), dnsmasq configures a fixed UDP port for all outgoing queries to the specified upstream DNS server. If an attacker is able to discover the opened port through other means (e.g. port scanning, guessing or sniffing), they would just have to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw could be abused to perform a DNS Cache Poisoning attack.
+ A security issue was found in dnsmasq before version 2.85. When configured with --server=<address>@<interface> or similar (e.g. through dbus), dnsmasq configures a fixed UDP port for all outgoing queries to the specified upstream DNS server. If an attacker is able to discover the opened port through other means (e.g. port scanning, guessing or sniffing), they would just have to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw could be abused to perform a DNS Cache Poisoning attack.
CVE-2021-3448 edited at 18 Mar 2021 13:07:21
References
https://bugzilla.redhat.com/show_bug.cgi?id=1939368
+ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
CVE-2021-3448 edited at 18 Mar 2021 13:06:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A security issue was found in dnsmasq. When configured with --server=<address>@<interface> or similar (e.g. through dbus), dnsmasq configures a fixed UDP port for all outgoing queries to the specified upstream DNS server. If an attacker is able to discover the opened port through other means (e.g. port scanning, guessing or sniffing), they would just have to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw could be abused to perform a DNS Cache Poisoning attack.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1939368
Notes
+ Workaround
+ ==========
+
+ The flaw can be prevented by removing the --server=<address>@<interface> option or by removing the directive server=<address>@<interface>. If dnsmasq is being run through NetworkManager, please be aware that NetworkManager automatically configures dnsmasq to use the server=<address>@<interface> directive, thus in this case the only way to prevent the flaw is to remove dns=dnsmasq from the /etc/NetworkManager/NetworkManager.conf file.
+
+ If the server=<address>@<interface> must be kept active, the impact of this flaw can be reduced by disabling the dnsmasq cache by adding --cache-size=0 when calling dnsmasq or by adding a line with cache-size=0 to the dnsmasq configuration file (/etc/dnsmasq.conf by default). If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add cache-size=0 to it.
+
+ By disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.
CVE-2021-3448 created at 18 Mar 2021 13:00:34