CVE-2012-3411
Published: 5 March 2013
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Notes
Author | Note |
---|---|
jdstrand | patch sent upstream but not yet sent upstream or in the git repository (http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary) |
mdeslaur | upstream has added a new --bind-dynamic option in 2.63 instead of using the RH patch. libvirt needs to be modified to use --bind-dynamic also. |
seth-arnold | (pt2) fixes a likely FTBFS introduced by (pt1) -- there may be more, the commit message didn't make finding this one easy |
mdeslaur | changes are intrusive and may introduce behaviour changes in stable releases. We will not be backporting this fix. Marking as ignored. |