SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Dnsmasq Vendors:   Kelley, Simon
(Red Hat Issues Fix) Dnsmasq DNS Query Port Entropy Weakness Lets Remote Users Spoof the System
SecurityTracker Alert ID:  1020655
SecurityTracker URL:  http://securitytracker.com/id/1020655
CVE Reference:   CVE-2008-1447   (Links to External Site)
Date:  Aug 12 2008
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.43
Description:   A vulnerability was reported in Dnsmasq. A remote user can spoof the system.

The domain name system (DNS) service does not use sufficiently random UDP sockets to process queries. A remote user can send specially crafted DNS queries and responses to the target service to spoof responses and insert records into the DNS cache. This may cause traffic to be redirected to arbitrary IP addresses specified by the remote user.

Dan Kaminsky of IOActive reported this vulnerability.
Impact:   A remote user can spoof the DNS service, causing traffic to be redirected to arbitrary hosts.
Solution:   Red Hat has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2008-0789.html
Vendor URL:  www.thekelleys.org.uk/dnsmasq/doc.html (Links to External Site)
Cause:   Randomization error
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 12 2008 Dnsmasq DNS Query Port Entropy Weakness Lets Remote Users Spoof the System


 Source Message Contents
Date:  Mon, 11 Aug 2008 13:03:31 -0400
Subject:  [RHSA-2008:0789-01] Moderate: dnsmasq security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2008:0789-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0789.html
Issue date:        2008-08-11
CVE Names:         CVE-2008-1447 
=====================================================================

1. Summary:

An updated dnsmasq package that implements UDP source-port randomization
is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to
provide DNS and, optionally, DHCP, to a small network.

The dnsmasq DNS resolver used a fixed source UDP port. This could have made
DNS spoofing attacks easier. dnsmasq has been updated to use random UDP
source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)

All dnsmasq users are advised to upgrade to this updated package, that
upgrades dnsmasq to version 2.45, which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dnsmasq-2.45-1.el5_2.1.src.rpm

i386:
dnsmasq-2.45-1.el5_2.1.i386.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.i386.rpm

x86_64:
dnsmasq-2.45-1.el5_2.1.x86_64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dnsmasq-2.45-1.el5_2.1.src.rpm

i386:
dnsmasq-2.45-1.el5_2.1.i386.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.i386.rpm

ia64:
dnsmasq-2.45-1.el5_2.1.ia64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.ia64.rpm

ppc:
dnsmasq-2.45-1.el5_2.1.ppc.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.ppc.rpm

s390x:
dnsmasq-2.45-1.el5_2.1.s390x.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.s390x.rpm

x86_64:
dnsmasq-2.45-1.el5_2.1.x86_64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.redhat.com/security/updates/classification/#moderate
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIoHCZXlSAg2UNWIIRAus2AJ9jMmf+E9RFFrC5FfXhCdEpJpxRaQCeIHu3
eLCw8SUQ204PyZI8K02NTEk=
=p1Ic
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC