First published: Wed Oct 21 2020(Updated: )
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/dnsmasq | 2.80-1+deb10u1 2.85-1 2.89-1 | |
redhat/dnsmasq | <2.83 | 2.83 |
Thekelleys Dnsmasq | <2.83 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Debian Debian Linux | =10.0 | |
Arista EOS | >=4.21<4.21.14m | |
Arista EOS | >=4.22<4.22.9m | |
Arista EOS | >=4.23<4.23.7m | |
Arista EOS | >=4.24<4.24.5m | |
Arista EOS | >=4.25<4.25.2f |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25686 refers to a flaw found in dnsmasq before version 2.83 that allows multiple queries for the same name to be forwarded.
The severity of CVE-2020-25686 is medium, with a CVSS score of 3.7.
Versions 2.80-1+deb10u1, 2.85-1, and 2.89-1 of dnsmasq are affected by CVE-2020-25686.
To fix CVE-2020-25686, update dnsmasq to version 2.83 or higher.
Yes, Arista EOS versions between 4.21 and 4.25 can be affected by CVE-2020-25686.