Your submission was sent successfully! Close

CVE-2021-3448

Published: 8 April 2021

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Priority

Medium

CVSS 3 base score: 4.0

Status

Package Release Status
dnsmasq
Launchpad, Ubuntu, Debian
bionic
Released (2.79-1ubuntu0.4)
focal
Released (2.80-1.1ubuntu1.4)
groovy
Released (2.82-1ubuntu1.3)
hirsute
Released (2.84-1ubuntu2.1)
impish
Released (2.85-1ubuntu1)
jammy
Released (2.85-1ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (2.85)
xenial Needed