CVE-2020-25684
First published: Tue Oct 20 2020(Updated: )
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thekelleys Dnsmasq | <2.83 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Arista EOS | >=4.21<4.21.14m | |
| Arista EOS | >=4.22<4.22.9m | |
| Arista EOS | >=4.23<4.23.7m | |
| Arista EOS | >=4.24<4.24.5m | |
| Arista EOS | >=4.25<4.25.2f | |
| redhat/dnsmasq | <2.83 | 2.83 |
| debian/dnsmasq | 2.80-1+deb10u1 2.85-1 2.89-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1889686
- https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
- https://security.gentoo.org/glsa/202101-17
- https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61
- https://www.debian.org/security/2021/dsa-4844
- https://www.jsof-tech.com/disclosures/dnspooq/
- https://www.openwall.com/lists/oss-security/2021/01/19/1
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
- https://security-tracker.debian.org/tracker/CVE-2020-25684
- https://libvirt.org/formatnetwork.html#elementsNamespaces
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1917784
- https://access.redhat.com/errata/RHSA-2021:0152
- https://access.redhat.com/errata/RHSA-2021:0150
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
- https://access.redhat.com/errata/RHSA-2021:0151
- https://access.redhat.com/errata/RHSA-2021:0156
- https://access.redhat.com/errata/RHSA-2021:0153
- https://access.redhat.com/errata/RHSA-2021:0154
- https://access.redhat.com/errata/RHSA-2021:0155
- https://access.redhat.com/security/cve/cve-2020-25684
- https://access.redhat.com/errata/RHSA-2021:0240
- https://access.redhat.com/errata/RHSA-2021:0245
- https://access.redhat.com/errata/RHSA-2021:0395
- https://access.redhat.com/errata/RHSA-2021:0401
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2020-25684.
What is the severity level of CVE-2020-25684?
The severity level of CVE-2020-25684 is medium, with a severity value of 3.7.
What software versions are affected by CVE-2020-25684?
Dnsmasq versions up to and including 2.83 are affected by CVE-2020-25684. Fedora 32, Fedora 33, Debian Linux 9.0, Debian Linux 10.0, and Arista EOS versions ranging from 4.21 to 4.25 are also affected.
How can I fix CVE-2020-25684?
To fix CVE-2020-25684, update your Dnsmasq software to version 2.83 or later. If you are using Fedora, Debian, or Arista EOS, update to the respective patched versions.
Where can I find more information about CVE-2020-25684?
You can find more information about CVE-2020-25684 in the references provided: Bugzilla for Red Hat, Debian LTS announcement, and Fedora package-announce mailing list.
- collector/nvd-index
- collector/security-tracker-debian
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/type
- agent/description
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25684
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/thekelleys
- canonical/thekelleys dnsmasq
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/arista
- canonical/arista eos
- version/arista eos/4.21
- version/arista eos/4.22
- version/arista eos/4.23
- version/arista eos/4.24
- version/arista eos/4.25
- package-manager/debian
- package-manager/redhat