CVE-2008-3350 - Unspecified vulnerability in the Kelleys Dnsmasq 2.43
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
the-kelleys
nessus
Summary
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | DNS |
NASL id | DNSMASQ_MULTIPLE_DOS.NASL |
description | The remote host is running dnsmasq, a DHCP and DNS server. The version of dnsmasq installed on the remote host reports itself as 2.43. This version reportedly is affected by 3 denial of service issues : - The application can crash when an unknown client attempts to renew a DHCP lease. - The application may crash when a host which doesn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34111 |
published | 2008-09-08 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34111 |
title | dnsmasq < 2.45 Multiple Remote DoS |
code |

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(34111);
  script_version("1.18");
  script_cvs_date("Date: 2018/07/10 14:27:31");

  script_cve_id("CVE-2008-3350");
  script_bugtraq_id(31017);

  script_name(english:"dnsmasq < 2.45 Multiple Remote DoS");
  script_summary(english:"Checks the version of dnsmasq");

  script_set_attribute(attribute:"synopsis", value:
"The remote DNS / DHCP service is affected by multiple denial of service vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running dnsmasq, a DHCP and DNS server.
The version of dnsmasq installed on the remote host reports itself as 2.43.
This version reportedly is affected by 3 denial of service issues :
- The application can crash when an unknown client attempts to renew a DHCP lease.
- The application may crash when a host which doesn't have a lease does a 'DHCPINFORM'.
- There is a crash vulnerability in the netlink code.");
  script_set_attribute(attribute:"see_also", value:"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8cca54d");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5db6c7d4");
  script_set_attribute(attribute:"solution", value:"Upgrade to dnsmasq 2.45 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/08");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:thekelleys:dnsmasq");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
  script_family(english:"DNS");

  script_dependencie("dns_version.nasl");
  script_require_keys("dns_server/version", "Settings/ParanoidReport");
  script_require_ports("Services/dns", 53);
  exit(0);
}

include("audit.inc");
include("misc_func.inc");
include("global_settings.inc");

app_name = "dnsmasq";
port = get_kb_item("Services/udp/dns");
if (!port) port = 53;

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# dnsmasq replies to BIND.VERSION
version = get_kb_item_or_exit("dns_server/version");
version = tolower(version);
display_version = version;

if (version !~ "dnsmasq-(v)?") audit(AUDIT_NOT_LISTEN, app_name, port);

version = ereg_replace(pattern:"^dnsmasq-(v)?(.*)$", replace:"\2", string:version);
if (version == '2') audit(AUDIT_VER_NOT_GRANULAR, app_name, port, display_version);

if (version =~ "^(2\.43([^0-9]|$))$")
{
  report = '\n' +
    '\n Installed version : ' + display_version +
    '\n Fixed version : dnsmasq-2.45' +
    '\n';
  security_report_v4(port:53, proto:"udp", severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, display_version, 'udp');
```

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200809-02.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200809-02 (dnsmasq: Denial of Service and DNS spoofing) Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447). Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). Impact : A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34091 |
published | 2008-09-05 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34091 |
title | GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200809-02.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(34091);
  script_version("1.28");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2008-1447", "CVE-2008-3350");
  script_xref(name:"GLSA", value:"200809-02");
  script_xref(name:"IAVA", value:"2008-A-0045");

  script_name(english:"GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200809-02
(dnsmasq: Denial of Service and DNS spoofing)
Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447).
Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350).
Impact :
A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service.
Workaround :
There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200809-02"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All dnsmasq users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dns/dnsmasq-2.45'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:dnsmasq");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/05");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-dns/dnsmasq", unaffected:make_list("ge 2.45"), vulnerable:make_list("lt 2.45"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq");
}
```
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 31017 CVE ID: CVE-2008-3350 CNCVE ID: CNCVE-20083350 Dnsmasq is a lightweight DNS server. Dnsmasq has multiple security issues in its lease handling that remote attackers can exploit to cause a denial of service in the application. - A problem when an unknown client attempts to renew a DHCP lease can crash the application. - The application can crash when a host without a lease handles a DHCPINFORM. Gentoo net-dns/dnsmasq 2.43 Dnsmasq Dnsmasq 2.43 Upgrade to the latest version: http://www.thekelleys.org.uk/dnsmasq/doc.html |
id | SSV:3994 |
last seen | 2017-11-19 |
modified | 2008-09-10 |
published | 2008-09-10 |
reporter | Root |
title | Dnsmasq DHCP Lease Multiple Remote Denial of Service Vulnerabilities |
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-30 |
organization | Red Hat |
statement | Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5. |
References
- http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189
- http://secunia.com/advisories/31197
- http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
- http://www.vupen.com/english/advisories/2008/2166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43957
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43960