Your submission was sent successfully! Close

CVE-2021-3448

Published: 8 April 2021

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Notes

AuthorNote
mdeslaur
This issue only affects dnsmasq in non-default configurations
where the server=<address>@<interface> option is used. In those
environments, this issue can be prevented by disabling cache by
also using a cache-size=0 configuration option.

For the dnsmasq instance used by Network-Manager, it is not
vulnerable to this issue as Ubuntu disables caching by
default. (See Update-dnsmasq-parameters.patch in the
network-manager package)
Priority

Low

CVSS 3 base score: 4.0

Status

Package Release Status
dnsmasq
Launchpad, Ubuntu, Debian
bionic
Released (2.79-1ubuntu0.4)
focal
Released (2.80-1.1ubuntu1.4)
groovy
Released (2.82-1ubuntu1.3)
hirsute
Released (2.84-1ubuntu2.1)
impish
Released (2.85-1ubuntu1)
jammy
Released (2.85-1ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (2.85)
xenial
Released (2.79-1ubuntu0.16.04.1+esm1)
Patches:
upstream: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2