CVE-2020-25686
First published: Wed Oct 21 2020(Updated: )
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/dnsmasq | 2.80-1+deb10u1 2.85-1 2.89-1 | |
| redhat/dnsmasq | <2.83 | 2.83 |
| Thekelleys Dnsmasq | <2.83 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =10.0 | |
| Arista EOS | >=4.21<4.21.14m | |
| Arista EOS | >=4.22<4.22.9m | |
| Arista EOS | >=4.23<4.23.7m | |
| Arista EOS | >=4.24<4.24.5m | |
| Arista EOS | >=4.25<4.25.2f |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2021/01/19/1
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e544440e02
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f535da79e7a42104543ef5c7b5fa2bed819a78b
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=141a26f979b4bc959d8e866a295e24f8cf456920
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305cb79c5754d5554729b18a2c06fe7ce699687a
- https://security-tracker.debian.org/tracker/CVE-2020-25686
- https://bugzilla.redhat.com/show_bug.cgi?id=1890125
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
- https://security.gentoo.org/glsa/202101-17
- https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61
- https://www.debian.org/security/2021/dsa-4844
- https://www.jsof-tech.com/disclosures/dnspooq/
- https://libvirt.org/formatnetwork.html#elementsNamespaces
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1917787
- https://access.redhat.com/errata/RHSA-2021:0152
- https://access.redhat.com/errata/RHSA-2021:0150
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
- https://access.redhat.com/errata/RHSA-2021:0151
- https://access.redhat.com/errata/RHSA-2021:0156
- https://access.redhat.com/errata/RHSA-2021:0153
- https://access.redhat.com/errata/RHSA-2021:0154
- https://access.redhat.com/errata/RHSA-2021:0155
- https://access.redhat.com/security/cve/cve-2020-25686
- https://access.redhat.com/errata/RHSA-2021:0240
- https://access.redhat.com/errata/RHSA-2021:0245
- https://access.redhat.com/errata/RHSA-2021:0395
- https://access.redhat.com/errata/RHSA-2021:0401
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
Frequently Asked Questions
What is CVE-2020-25686?
CVE-2020-25686 refers to a flaw found in dnsmasq before version 2.83 that allows multiple queries for the same name to be forwarded.
What is the severity of CVE-2020-25686?
The severity of CVE-2020-25686 is medium, with a CVSS score of 3.7.
Which software versions are affected by CVE-2020-25686?
Versions 2.80-1+deb10u1, 2.85-1, and 2.89-1 of dnsmasq are affected by CVE-2020-25686.
How can I fix CVE-2020-25686?
To fix CVE-2020-25686, update dnsmasq to version 2.83 or higher.
Can Arista EOS be affected by CVE-2020-25686?
Yes, Arista EOS versions between 4.21 and 4.25 can be affected by CVE-2020-25686.
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25686
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/thekelleys
- canonical/thekelleys dnsmasq
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/arista
- canonical/arista eos
- version/arista eos/4.21
- version/arista eos/4.22
- version/arista eos/4.23
- version/arista eos/4.24
- version/arista eos/4.25
- package-manager/redhat