Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0954 dnsmasq -- cache poisoning vulnerability in certain configurations 18 March 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dnsmasq Publisher: FreeBSD Operating System: FreeBSD UNIX variants (UNIX, Linux, OSX) Impact/Access: Provide Misleading Information -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2021-3448 Original Bulletin: http://www.vuxml.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html Comment: This advisory references vulnerabilities in products which run on platforms other than FreeBSD. It is recommended that administrators running dnsmasq check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- dnsmasq -- cache poisoning vulnerability in certain configurations Affected packages dnsmasq < 2.85.r1,1 dnsmasq-devel < 2.85.r1,3 Details VuXML ID 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 Discovery 2021-03-17 Entry 2021-03-18 Simon Kelley reports: [In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form server=1.1.1.1@em0 or server= 1.1.1.1@192.0.2.1, i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager. References CVE Name CVE-2021-3448 URL https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/ 014835.html - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYFKzHONLKJtyKPYoAQiwrBAAiipktlfgZ+UaNxgf1bDhK3qjRRv0SgGu nRUtArP+Iq7yia1NzFwO48Uu/YuzJptFVKl1vMxQ8oebsUv7MzQtMz6B8l5/qTuA /qKQuoX+TGTtOLNsQsQmGyRFilAx9Ayhp1amFozeqi1ZghXCbKtGgk5h1c9fuQCW 7RF7bMLWMNJQ3TfG0W7ykVuW1uDFr3fu0caBAdH4/1tVO/Yg0cCh/LW2+gjVKOXA Jw6dpCaAWfRf67BqtrT9eZ314InvEq9L25RMNyAvUTiWa/FAxu0j2ey3ZEyBDVkw QXWKG0TKHhQBMn8m4ZL5RRmh0O5vPMEo1/FCh+K5mKVfxyxXT2QHr0NDdnWxGq5X tXEuj85d+sPusqzGuXzWxyUVHNHqHLufezEKroQfdkodPVtEjE9AtSL3XUcdwdT3 C7m8TFjrGq14L2Zopvq5XJLHmu4yDk2wT5U97jXIBvLKKUz2cFfwD3c6XzKbHgj3 9E0A28DDGwDodiRd4onA8laYImkIdRRobwbc1h3NUIy0EXRYWq7yoHSv9oCEe9S6 sJFVU1ArMH4SINlM+f5L9GMBNmAZ0De4SvA/T8MqHB+ljO5d92TK65Ig/f+CjIfz 1HXukS495gxrETLP7g75h/ktf4BsGAVidZsxH/742/qCuRkGNIytj9Fpf3ao1lf5 MKB9pfjn/v4= =F/px -----END PGP SIGNATURE-----