Authentication Bypass Affecting dnsmasq-utils package, versions <0:2.79-13.el8_3.1


Severity

Recommended
high

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.62% (80th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-DNSMASQUTILS-3917401
  • published26 Jul 2021
  • disclosed19 Jan 2021

Introduced: 19 Jan 2021

CVE-2020-25686  (opens in a new tab)
CWE-290  (opens in a new tab)

How to fix?

Upgrade RHEL:8 dnsmasq-utils to version 0:2.79-13.el8_3.1 or higher.
This issue was patched in RHSA-2021:0150.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dnsmasq-utils package and not the dnsmasq-utils package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS Scores

version 3.1