Hamish Moffatt
2008-Jul-10 00:37 UTC
[Secure-testing-team] Bug#490123: dnsmasq: appears to be vulnerable to cache poisoning attack CVE-2008-1447
Package: dnsmasq
Version: 2.42-4
Severity: grave
Tags: security
Justification: user security hole

dnsmasq appears to be vulnerable to CVE-2008-1447, the DNS cache poisoning exploit.

From my reading of the source code and observation with tcpdump, dnsmasq doesn't do any source port randomisation. dnsmasq binds a UDP socket for each of the forwarding name servers when they are added (on startup, or configuration change), then uses those sockets forever. The source port doesn't change between queries. tcpdump confirms this.

thanks
Hamish

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dnsmasq depends on:
ii  adduser       3.108   add and remove users and groups
ii  dnsmasq-base  2.42-4  A small caching DNS proxy and DHCP
ii  netbase       4.32    Basic TCP/IP networking system

dnsmasq recommends no packages.

-- no debconf information
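The tcpdump observation in the report above can be turned into a repeatable check. The following is an added example, not part of the original report or of dnsmasq: it parses `tcpdump -n` text output for outgoing DNS queries and flags forwarders that reuse a single UDP source port. The capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 53` output (not taken from the report).
# 192.0.2.10 behaves as the report describes; 192.0.2.20 randomises its source port.
SAMPLE = """\
00:37:01.100000 IP 192.0.2.10.32769 > 198.51.100.53.53: 4660+ A? example.org. (29)
00:37:01.140000 IP 198.51.100.53.53 > 192.0.2.10.32769: 4660 1/0/0 A 203.0.113.7 (45)
00:37:02.200000 IP 192.0.2.10.32769 > 198.51.100.53.53: 4661+ A? example.net. (29)
00:37:03.300000 IP 192.0.2.10.32769 > 198.51.100.53.53: 4662+ MX? example.com. (29)
00:37:04.100000 IP 192.0.2.20.41822 > 198.51.100.53.53: 9001+ A? example.org. (29)
00:37:05.100000 IP 192.0.2.20.17530 > 198.51.100.53.53: 9002+ A? example.net. (29)
00:37:06.100000 IP 192.0.2.20.60211 > 198.51.100.53.53: 9003+ A? example.com. (29)
"""

# Matches only packets sent *to* port 53, i.e. queries leaving the forwarder.
QUERY_RE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.53: ")


def source_ports(capture):
    """Map (forwarder, upstream server) -> list of UDP source ports used for queries."""
    ports = defaultdict(list)
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if m:
            ports[(m.group(1), m.group(3))].append(int(m.group(2)))
    return dict(ports)


def fixed_port_flows(capture, min_queries=3):
    """Return flows with at least min_queries queries that all share one source port."""
    return sorted(
        flow
        for flow, seen in source_ports(capture).items()
        if len(seen) >= min_queries and len(set(seen)) == 1
    )


if __name__ == "__main__":
    for forwarder, upstream in fixed_port_flows(SAMPLE):
        print(f"{forwarder} -> {upstream}: source port never changes")
```

A forwarder flagged here leaves only the 16-bit query ID for an off-path attacker to guess, which is the weakness CVE-2008-1447 describes.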