Denial of Service : Dnsmasq < 2.73rc4 DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.117277

Categoría: Denial of Service

Título: Dnsmasq < 2.73rc4 DoS Vulnerability

Resumen: Dnsmasq is prone to a Denial of Service (DoS); vulnerability.

Descripción: Summary:
Dnsmasq is prone to a Denial of Service (DoS)
vulnerability.

Vulnerability Insight:
The tcp_request function in Dnsmasq does not properly
handle the return value of the setup_reply function, which allows remote attackers to
read process memory and cause a denial of service (out-of-bounds read and crash) via a
malformed DNS request.

Affected Software/OS:
Dnsmasq prior to 2.73rc4.

Solution:
Update to version 2.73rc4 or later.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3294
BugTraq ID: 74452
http://www.securityfocus.com/bid/74452
Bugtraq: 20150423 Dnsmasq 2.72 Unchecked returned value (Google Search)
http://www.securityfocus.com/archive/1/535354/100/1100/threaded
Debian Security Information: DSA-3251 (Google Search)
http://www.debian.org/security/2015/dsa-3251
https://security.gentoo.org/glsa/201512-01
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html
http://www.securitytracker.com/id/1032195
SuSE Security Announcement: openSUSE-SU-2015:0857 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
http://www.ubuntu.com/usn/USN-2593-1

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.117277
Categoría:	Denial of Service
Título:	Dnsmasq < 2.73rc4 DoS Vulnerability
Resumen:	Dnsmasq is prone to a Denial of Service (DoS); vulnerability.
Descripción:	Summary: Dnsmasq is prone to a Denial of Service (DoS) vulnerability. Vulnerability Insight: The tcp_request function in Dnsmasq does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. Affected Software/OS: Dnsmasq prior to 2.73rc4. Solution: Update to version 2.73rc4 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3294 BugTraq ID: 74452 http://www.securityfocus.com/bid/74452 Bugtraq: 20150423 Dnsmasq 2.72 Unchecked returned value (Google Search) http://www.securityfocus.com/archive/1/535354/100/1100/threaded Debian Security Information: DSA-3251 (Google Search) http://www.debian.org/security/2015/dsa-3251 https://security.gentoo.org/glsa/201512-01 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html http://www.securitytracker.com/id/1032195 SuSE Security Announcement: openSUSE-SU-2015:0857 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html http://www.ubuntu.com/usn/USN-2593-1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH