Vulnerabilities > CVE-2008-3350 - Unspecified vulnerability in the Kelleys Dnsmasq 2.43

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
the-kelleys
nessus

Summary

dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.

Vulnerable Configurations

Part Description Count
Application
The_Kelleys
1

Nessus

  • NASL familyDNS
    NASL idDNSMASQ_MULTIPLE_DOS.NASL
    descriptionThe remote host is running dnsmasq, a DHCP and DNS server. The version of dnsmasq installed on the remote host reports itself as 2.43. This version reportedly is affected by 3 denial of service issues : - The application can crash when an unknown client attempts to renew a DHCP lease. - The application may crash when a host which doesn't have a lease does a 'DHCPINFORM'. - There is a crash vulnerability in the netlink code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34111
    published2008-09-08
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34111
    titlednsmasq < 2.45 Multiple Remote DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata branch: taken when `description` is set. It only registers the
    # plugin's attributes and exits, so none of the detection logic further
    # down runs in this pass.
    if (description)
    {
      # Plugin identity and revision.
      script_id(34111);
      script_version("1.18");
      script_cvs_date("Date: 2018/07/10 14:27:31");

      # External references for the issue.
      script_cve_id("CVE-2008-3350");
      script_bugtraq_id(31017);

      # NOTE(review): the name says "< 2.45" while the description text below
      # speaks of a host reporting 2.43 - confirm which range is intended.
      script_name(english:"dnsmasq < 2.45 Multiple Remote DoS");
      script_summary(english:"Checks the version of dnsmasq");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote DNS / DHCP service is affected by multiple denial of
    service vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running dnsmasq, a DHCP and DNS server.
    
    The version of dnsmasq installed on the remote host reports itself as
    2.43. This version reportedly is affected by 3 denial of service
    issues :
    
      - The application can crash when an unknown client
        attempts to renew a DHCP lease.
    
      - The application may crash when a host which doesn't
        have a lease does a 'DHCPINFORM'.
    
      - There is a crash vulnerability in the netlink code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e8cca54d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5db6c7d4"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to dnsmasq 2.45 or later."
      );

      # Scoring: network-reachable, no authentication, availability impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(
        attribute:"exploitability_ease",
        value:"No known exploits are available"
      );
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(
        attribute:"plugin_publication_date",
        value:"2008/09/08"
      );

      # The finding is declared "potential": per the summary above, the
      # plugin checks the reported version rather than exercising the crash.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:thekelleys:dnsmasq");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_family(english:"DNS");

      # Needs the DNS version banner gathered by dns_version.nasl and the
      # paranoid-report setting before it is scheduled.
      script_dependencie("dns_version.nasl");
      script_require_keys("dns_server/version", "Settings/ParanoidReport");
      script_require_ports("Services/dns", 53);

      exit(0);
    }
    
    include("audit.inc");
    include("misc_func.inc");
    include("global_settings.inc");
    
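    app_name = "dnsmasq";
    
    # UDP port of the DNS service as recorded in the knowledge base;
    # fall back to the default DNS port when nothing was recorded.
    port = get_kb_item("Services/udp/dns");
    if (!port) port = 53;
    
    # The result rests only on the version string the service reports, so
    # the check is skipped unless paranoid reporting is enabled. A banner
    # can be altered or backported fixes may be present, so treat a hit as
    # a lead to verify on the host, not as proof.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # dnsmasq replies to BIND.VERSION
    version = get_kb_item_or_exit("dns_server/version");
    version = tolower(version);
    display_version = version;
    
    # Anything that does not identify itself as dnsmasq is out of scope.
    if (version !~ "dnsmasq-(v)?")
      audit(AUDIT_NOT_LISTEN, app_name, port);
    
    # Strip the "dnsmasq-" / "dnsmasq-v" prefix, keeping only the version part.
    version = ereg_replace(pattern:"^dnsmasq-(v)?(.*)$", replace:"\2", string:version);
    
    # A bare major version cannot be compared against the affected release.
    if (version == '2')
      audit(AUDIT_VER_NOT_GRANULAR, app_name, port, display_version);
    
    # NOTE(review): only a reported 2.43 is flagged, although the plugin is
    # titled "dnsmasq < 2.45" - confirm whether 2.44 should match as well.
    # NOTE(review): the outer "$" means a suffix longer than one non-digit
    # character (for example a multi-character tag after 2.43) does not
    # match - confirm that this is intended.
    if (version =~ "^(2\.43([^0-9]|$))$")
    {
      report = '\n' +
        '\n  Installed version : ' + display_version +
        '\n  Fixed version     : dnsmasq-2.45' +
        '\n';
      # Report on the port that was actually looked up above rather than a
      # hard-coded 53, so the finding lands on the right service when DNS
      # was detected on a non-default UDP port (the audit calls already
      # use `port`).
      security_report_v4(port:port, proto:"udp", severity:SECURITY_WARNING, extra:report);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, display_version, 'udp');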
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200809-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200809-02 (dnsmasq: Denial of Service and DNS spoofing) Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447). Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). Impact : A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id34091
    published2008-09-05
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34091
    titleGLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200809-02.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Metadata branch: taken when `description` is set. It registers the
    # plugin's attributes and exits before the package check below runs.
    if (description)
    {
      # Plugin identity and revision.
      script_id(34091);
      script_version("1.28");
      script_cvs_date("Date: 2019/08/02 13:32:45");

      # One advisory, two unrelated issues: DNS spoofing (CVE-2008-1447)
      # and the DHCP crash (CVE-2008-3350).
      script_cve_id("CVE-2008-1447", "CVE-2008-3350");
      script_xref(name:"GLSA", value:"200809-02");
      script_xref(name:"IAVA", value:"2008-A-0045");

      script_name(english:"GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Gentoo host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "The remote host is affected by the vulnerability described in GLSA-200809-02
    (dnsmasq: Denial of Service and DNS spoofing)
    
        Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP
        source ports when forwarding DNS queries to a recursing DNS server
        (CVE-2008-1447).
        Carlos Carvalho reported that dnsmasq in the 2.43 version does not
        properly handle clients sending inform or renewal queries for unknown
        DHCP leases, leading to a crash (CVE-2008-3350).
      
    Impact :
    
        A remote attacker could send spoofed DNS response traffic to dnsmasq,
        possibly involving generating queries via multiple vectors, and spoof
        DNS replies, which could e.g. lead to the redirection of web or mail
        traffic to malicious sites. Furthermore, an attacker could generate
        invalid DHCP traffic and cause a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time.");
      script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/200809-02");
      script_set_attribute(attribute:"solution", value:
    "All dnsmasq users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-dns/dnsmasq-2.45'");

      # NOTE(review): this base vector rates integrity impact only (I:P,
      # A:N), which fits the DNS spoofing issue; the DHCP crash described
      # above is an availability problem, so this score should not be read
      # as the rating for CVE-2008-3350 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # NOTE(review): exploit availability is declared for the plugin as a
      # whole; presumably it reflects the spoofing issue - confirm per CVE.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      # Local check: evaluated against the host's package data, not the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:dnsmasq");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/05");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      # Relies on host data collected by ssh_get_info.nasl: local checks
      # enabled, a Gentoo release, and the installed-package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks must be enabled, the host must be Gentoo,
    # and the installed-package list must have been collected.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # net-dns/dnsmasq is treated as vulnerable below 2.45 and as unaffected
    # from 2.45 onwards.
    affected = FALSE;
    if (qpkg_check(package:"net-dns/dnsmasq", unaffected:make_list("ge 2.45"), vulnerable:make_list("lt 2.45")))
      affected = TRUE;

    if (!affected)
    {
      # Distinguish "package present but not affected" from "package not
      # installed" using the list of packages that were actually tested.
      checked = qpkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dnsmasq");
    }
    else
    {
      # Attach the package report only when verbosity asks for it.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 31017 CVE ID:CVE-2008-3350 CNCVE ID:CNCVE-20083350 Dnsmasq是一款轻量级的DNS服务程序。 Dnsmasq处理租期存在多个安全问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 -当未知客户端尝试刷新DHCP租期时存在问题可导致应用程序崩溃。 -当一个没有租期的主机处理DHCPINFORM时可导致应用程序崩溃。 Gentoo net-dns/dnsmasq 2.43 Dnsmasq Dnsmasq 2.43 升级到最新版本: http://www.thekelleys.org.uk/dnsmasq/doc.html
idSSV:3994
last seen2017-11-19
modified2008-09-10
published2008-09-10
reporterRoot
titleDnsmasq DHCP租期多个远程拒绝服务漏洞

Statements

contributorMark J Cox
lastmodified2008-07-30
organizationRed Hat
statementNot vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.