A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
27 Oct 2022, 12:45
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
01 Mar 2022, 16:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle
Oracle communications Cloud Native Core Network Function Cloud Native Environment |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jun 2021, 19:04
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202105-20 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/ - Mailing List, Third Party Advisory |
26 May 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2021, 19:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/ - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939368 - Exploit, Issue Tracking, Patch, Third Party Advisory |
24 Apr 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Apr 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Apr 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-358 |
20 Apr 2021, 18:08
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939368 - Exploit, Issue Tracking, Patch | |
CPE | cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 4.0 |
08 Apr 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-08 23:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3448
Mitre link : CVE-2021-3448
CVE.ORG link : CVE-2021-3448
JSON object : View
Products Affected
thekelleys
- dnsmasq
oracle
- communications_cloud_native_core_network_function_cloud_native_environment
redhat
- enterprise_linux
fedoraproject
- fedora
CWE