ID

VAR-200505-0478


CVE

CVE-2005-0876


TITLE

Dnsmasq Multiple Remote Vulnerabilities

Trust: 0.9

sources: BID: 12897 // CNNVD: CNNVD-200505-736

DESCRIPTION

Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.

Dnsmasq is reported prone to multiple remote vulnerabilities. An attacker may leverage these issues to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks. A denial of service condition may occur due to the off-by-one overflow vulnerability. Although unconfirmed, there is a circumstantial possibility of remote code execution in the context of the server. Reportedly, exploitation of the cache-poisoning issue is not trivial as improvements were made to the application to mitigate cache-poisoning attacks.

The off-by-one overflow issue affects Dnsmasq 2.14, 2.15, 2.16, 2.17, 2.18, 2.19 and 2.20. The cache-poisoning issue affects Dnsmasq 2.20 and prior. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

TITLE: Dnsmasq DHCP Lease File Denial of Service and DNS Cache Poisoning
SECUNIA ADVISORY ID: SA14691
VERIFY ADVISORY: http://secunia.com/advisories/14691/
CRITICAL: Moderately critical
IMPACT: Spoofing, Manipulation of data, DoS
WHERE: From remote
SOFTWARE: Dnsmasq 2.x http://secunia.com/product/4837/
DESCRIPTION: Two vulnerabilities have been reported in Dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) or poison the DNS cache. Successful exploitation crashes Dnsmasq the next time it is started. 2) When receiving DNS replies, only the 16-bit ID is checked against the current query. This can be exploited to poison the DNS cache if a valid ID (randomly generated) is guessed by e.g. sending a flood of DNS replies.
SOLUTION: Update to version 2.21. http://www.thekelleys.org.uk/dnsmasq/
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Rob Holland. 2) Reported by vendor.
ORIGINAL ADVISORY: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Trust: 1.26

sources: NVD: CVE-2005-0876 // BID: 12897 // PACKETSTORM: 36798

AFFECTED PRODUCTS

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.20

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.19

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.18

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.17

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.16

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.15

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.14

Trust: 1.9

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.13

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.12

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.11

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.10

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.9

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.8

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.7

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.6

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.5

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.4

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.2

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.1

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.0

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: eq, version: 2.30

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: ne, version: 2.22

Trust: 0.3

vendor: dnsmasq, model: dnsmasq, scope: ne, version: 2.21

Trust: 0.3

sources: BID: 12897 // CNNVD: CNNVD-200505-736 // NVD: CVE-2005-0876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0876
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-736
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-0876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200505-736 // NVD: CVE-2005-0876

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-736

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200505-736

EXTERNAL IDS

db: NVD, id: CVE-2005-0876

Trust: 1.9

db: BID, id: 12897

Trust: 1.9

db: SECUNIA, id: 14691

Trust: 1.7

db: XF, id: 19825

Trust: 0.6

db: CNNVD, id: CNNVD-200505-736

Trust: 0.6

db: PACKETSTORM, id: 36798

Trust: 0.1

sources: BID: 12897 // PACKETSTORM: 36798 // CNNVD: CNNVD-200505-736 // NVD: CVE-2005-0876

REFERENCES

url:http://www.thekelleys.org.uk/dnsmasq/changelog

Trust: 2.0

url:http://www.securityfocus.com/bid/12897

Trust: 1.6

url:http://secunia.com/advisories/14691

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19825

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/19825

Trust: 0.6

url:http://www.thekelleys.org.uk/dnsmasq/doc.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4837/

Trust: 0.1

url:http://www.thekelleys.org.uk/dnsmasq/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/14691/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 12897 // PACKETSTORM: 36798 // CNNVD: CNNVD-200505-736 // NVD: CVE-2005-0876

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 12897 // CNNVD: CNNVD-200505-736

SOURCES

db: BID, id: 12897
db: PACKETSTORM, id: 36798
db: CNNVD, id: CNNVD-200505-736
db: NVD, id: CVE-2005-0876

LAST UPDATE DATE

2024-08-14T13:40:11.820000+00:00


SOURCES UPDATE DATE

db: BID, id: 12897, date: 2009-07-12T11:56:00
db: CNNVD, id: CNNVD-200505-736, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-0876, date: 2017-07-11T01:32:26.907

SOURCES RELEASE DATE

db: BID, id: 12897, date: 2005-03-25T00:00:00
db: PACKETSTORM, id: 36798, date: 2005-03-25T16:42:00
db: CNNVD, id: CNNVD-200505-736, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2005-0876, date: 2005-05-02T04:00:00