SB2021042216 - Ubuntu update for dnsmasq

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021042216

SB2021042216 - Ubuntu update for dnsmasq

Published: April 22, 2021

Security Bulletin ID SB2021042216
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2017-15107)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.


2) Out-of-bounds read (CVE-ID: CVE-2019-14513)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing DNS packets. The vulnerability allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet.

Successful exploitation of this vulnerability may result in sensitive data disclosure or denial of service conditions.


Remediation

Install update from vendor's website.

References