Details of VAR-200604-0535

ID

VAR-200604-0535

CVE

CVE-2006-2017

TITLE

DNSmasq Broadcast Reply Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 17662 // CNNVD: CNNVD-200604-459

DESCRIPTION

Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. Dnsmasq is prone to a remote denial-of-service vulnerability. TITLE: Dnsmasq DHCP Broadcast Reply Denial of Service SECUNIA ADVISORY ID: SA19760 VERIFY ADVISORY: http://secunia.com/advisories/19760/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Dnsmasq 2.x http://secunia.com/product/4837/ DESCRIPTION: A vulnerability has been reported in Dnsmasq, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of certain requests from a DHCP client. The vulnerability has been reported in version 2.29. SOLUTION: Update to version 2.30. http://thekelleys.org.uk/dnsmasq/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sandra Dekkers. ORIGINAL ADVISORY: http://thekelleys.org.uk/dnsmasq/CHANGELOG ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2006-2017 // BID: 17662 // PACKETSTORM: 45648

AFFECTED PRODUCTS

vendor:	dnsmasq	model:	dnsmasq	scope:	eq	version:	2.29	Trust: 1.9
vendor:	dnsmasq	model:	dnsmasq	scope:	ne	version:	2.30	Trust: 0.3

sources: BID: 17662 // CNNVD: CNNVD-200604-459 // NVD: CVE-2006-2017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2017
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200604-459
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-2017
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200604-459 // NVD: CVE-2006-2017

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-459

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200604-459

EXTERNAL IDS

db:	BID	id:	17662	Trust: 1.9
db:	SECUNIA	id:	19760	Trust: 1.7
db:	NVD	id:	CVE-2006-2017	Trust: 1.6
db:	VUPEN	id:	ADV-2006-1494	Trust: 1.6
db:	OSVDB	id:	24884	Trust: 1.6
db:	XF	id:	26005	Trust: 0.6
db:	CNNVD	id:	CNNVD-200604-459	Trust: 0.6
db:	PACKETSTORM	id:	45648	Trust: 0.1

sources: BID: 17662 // PACKETSTORM: 45648 // CNNVD: CNNVD-200604-459 // NVD: CVE-2006-2017

REFERENCES

url:	http://thekelleys.org.uk/dnsmasq/changelog	Trust: 1.7
url:	http://www.securityfocus.com/bid/17662	Trust: 1.6
url:	http://secunia.com/advisories/19760	Trust: 1.6
url:	http://www.osvdb.org/24884	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2006/1494	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26005	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/26005	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1494	Trust: 0.6
url:	http://www.thekelleys.org.uk/dnsmasq/changelog	Trust: 0.3
url:	http://www.thekelleys.org.uk/dnsmasq/doc.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19760/	Trust: 0.1
url:	http://thekelleys.org.uk/dnsmasq/	Trust: 0.1
url:	http://secunia.com/product/4837/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 17662 // PACKETSTORM: 45648 // CNNVD: CNNVD-200604-459 // NVD: CVE-2006-2017

CREDITS

Sandra Dekkers is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 17662 // CNNVD: CNNVD-200604-459

SOURCES

db:	BID	id:	17662
db:	PACKETSTORM	id:	45648
db:	CNNVD	id:	CNNVD-200604-459
db:	NVD	id:	CVE-2006-2017

LAST UPDATE DATE

2024-08-14T15:04:37.319000+00:00

SOURCES UPDATE DATE

db:	BID	id:	17662	date:	2006-04-24T19:41:00
db:	CNNVD	id:	CNNVD-200604-459	date:	2006-04-26T00:00:00
db:	NVD	id:	CVE-2006-2017	date:	2017-07-20T01:31:06.850

SOURCES RELEASE DATE

db:	BID	id:	17662	date:	2006-04-24T00:00:00
db:	PACKETSTORM	id:	45648	date:	2006-04-25T22:06:23
db:	CNNVD	id:	CNNVD-200604-459	date:	2006-04-25T00:00:00
db:	NVD	id:	CVE-2006-2017	date:	2006-04-25T12:50:00