[Secure-testing-team] Bug#490123: dnsmasq: appears to be vulnerable to cache poisoning attack CVE-2008-1447
Hamish Moffatt
hamish at debian.org
Thu Jul 10 00:37:20 UTC 2008
Package: dnsmasq
Version: 2.42-4
Severity: grave
Tags: security
Justification: user security hole

dnsmasq appears to be vulnerable to CVE-2008-1447, the DNS cache
poisoning exploit. From my reading of the source code and observation
with tcpdump, dnsmasq doesn't do any source port randomisation.

dnsmasq binds a UDP socket for each of the forwarding name servers when
they are added (on startup, or configuration change), then uses those
sockets forever. The source port doesn't change between queries. tcpdump
confirms this.

thanks
Hamish

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dnsmasq depends on:
ii adduser 3.108 add and remove users and groups
ii dnsmasq-base 2.42-4 A small caching DNS proxy and DHCP
ii netbase 4.32 Basic TCP/IP networking system
dnsmasq recommends no packages.
-- no debconf information
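
The tcpdump observation described in the report can be made into a repeatable check. The following is an added example, not part of the original message and not dnsmasq code: it parses `tcpdump -n udp port 53` text output (line format assumed as in the comment) and flags any forwarder that sends every upstream query from the same UDP source port. The function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches outbound DNS queries in `tcpdump -n udp port 53` text output, e.g.
# 00:37:20.000001 IP 192.0.2.10.32771 > 198.51.100.1.53: 4000+ A? example.org. (29)
# Replies are skipped: their destination port is not 53 and they carry no "TYPE?".
QUERY = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: \d+\S* (?:\[\w+\] )?\w+\? "
)

def source_port_report(lines, min_queries=5):
    """Summarise source-port use per (forwarder, upstream server) pair."""
    ports = defaultdict(list)
    for line in lines:
        m = QUERY.search(line)
        if m:
            ports[(m["src"], m["dst"])].append(int(m["sport"]))
    report = {}
    for flow, seen in ports.items():
        distinct = len(set(seen))
        report[flow] = {
            "queries": len(seen),
            "distinct_ports": distinct,
            # One port for every query: a forged reply then only has to
            # guess the 16-bit query ID, the condition behind CVE-2008-1447.
            "fixed_port": len(seen) >= min_queries and distinct == 1,
        }
    return report

# Constructed sample capture (not from the bug report): 192.0.2.10 reuses
# one source port, 192.0.2.20 uses a different port for each query.
SAMPLE = [
    f"00:37:2{i}.000001 IP 192.0.2.10.32771 > 198.51.100.1.53: "
    f"{4000 + i}+ A? host{i}.example.org. (35)"
    for i in range(6)
] + [
    f"00:37:3{i}.000001 IP 192.0.2.20.{port} > 198.51.100.1.53: "
    f"{5000 + i}+ A? host{i}.example.org. (35)"
    for i, port in enumerate([41873, 1029, 60211, 33410, 52007, 18844])
] + [
    # A reply from the upstream server; it must not be counted as a query.
    "00:37:40.000001 IP 198.51.100.1.53 > 192.0.2.10.32771: 4000 1/0/0 A 203.0.113.5 (51)"
]

if __name__ == "__main__":
    for flow, verdict in source_port_report(SAMPLE).items():
        print(flow, verdict)
```
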