-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0954
    dnsmasq -- cache poisoning vulnerability in certain configurations
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dnsmasq
Publisher:         FreeBSD
Operating System:  FreeBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Provide Misleading Information -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3448  

Original Bulletin: 
   http://www.vuxml.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than FreeBSD. It is recommended that administrators
         running dnsmasq check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

dnsmasq -- cache poisoning vulnerability in certain configurations

Affected packages
  dnsmasq       < 2.85.r1,1
  dnsmasq-devel < 2.85.r1,3

Details

VuXML ID  5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Discovery 2021-03-17
Entry     2021-03-18

Simon Kelley reports:

    [In configurations where the forwarding server address contains an @
    character for specifying a sending interface or source address, the] random
    source port behavior was disabled, making cache poisoning attacks possible.

This only affects configurations of the form server=1.1.1.1@em0 or
server=1.1.1.1@192.0.2.1, i.e. those that specify an interface to send through,
or an IP address to send from, or that are used together with NetworkManager.
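As an added example (not part of the advisory or of dnsmasq itself), the following Python script scans dnsmasq.conf text for the affected server= form, i.e. upstream entries carrying an @interface or @source-address specifier, so that hosts with such entries can be prioritised for the 2.85 upgrade. The server= value syntax noted in the comments is taken from the dnsmasq manual; the sample configuration is constructed.

```python
import re
from typing import List, NamedTuple


class UpstreamEntry(NamedTuple):
    line_no: int
    raw: str            # config line as written
    address: str        # upstream address (IPv4/IPv6, possibly with #port)
    specifier: str      # text after '@': interface or source address, '' if absent
    domains: List[str]  # domains the entry is limited to; [] means all queries


# Value after "server=" per the dnsmasq manual:
#   [/domain/...]ipaddr[#port][@interface|@source-ip[#port]]
_DOMAINS_RE = re.compile(r"^((?:/[^/]*/)*)(.*)$")


def parse_server_lines(conf_text: str) -> List[UpstreamEntry]:
    """Return every server= entry, with any @-specifier split from the address."""
    entries = []
    for n, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped.startswith("server="):
            continue  # blank lines, comments and other options are skipped
        value = stripped[len("server="):].strip()
        domain_part, rest = _DOMAINS_RE.match(value).groups()
        domains = [d for d in domain_part.split("/") if d]
        address, _, specifier = rest.partition("@")
        entries.append(UpstreamEntry(n, stripped, address, specifier, domains))
    return entries


def affected_entries(conf_text: str) -> List[UpstreamEntry]:
    """Entries in the affected form: an '@' interface or source-address specifier."""
    return [e for e in parse_server_lines(conf_text) if e.specifier]


# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample dnsmasq.conf
server=1.1.1.1@em0
server=1.1.1.1@192.0.2.1
server=/corp.example/10.0.0.53@192.0.2.1#5353
server=8.8.8.8
server=/example.com/
"""

if __name__ == "__main__":
    for e in affected_entries(SAMPLE_CONF):
        print(f"line {e.line_no}: {e.raw}  (specifier @{e.specifier}; needs dnsmasq >= 2.85)")
```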

References

CVE Name  CVE-2021-3448

URL       https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================