CVE-2021-3448

Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

CWE: CWE-358 CWE-284

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 4 (Version: 3.1)

Links:

NVD – CVE-2021-3448
CVE – CVE-2021-3448

Link (max. 20) Source Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1939368 MISC Exploit Issue Tracking Patch Third Party Advisory
FEDORA-2021-62a5062b2d FEDORA Third Party Advisory Third Party Advisory
FEDORA-2021-9433bedebd FEDORA Third Party Advisory Third Party Advisory
FEDORA-2021-5cd2571751 FEDORA Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update MLIST Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) MLIST Mailing List Third Party Advisory
[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix MLIST Mailing List Third Party Advisory Vendor Advisory

Source: NVD – CVE-2021-3448
Publication date: 2021-04-08T23:15Z, last modified: 2021-05-04T19:14Z