 |
|
|
|
| dnsmasq multiple security vulnerabilities | | Published: |  | 07.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9272 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DNS records spoofing, DoS. |
| Affected: |  | DNSMASQ : dnsmasq 2.4 | | CVE: |  | CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.) | | | | CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.") |
|
|
|
|
|
|
|
|
