Improper input validation in Thekelleys Dnsmasq
CVE-2012-3411
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.
Affected products
- Thekelleys Dnsmasq
- Redhat Enterprise_linux_desktop — versions 6.0
- Redhat Enterprise_linux_server — versions 6.0
- Redhat Enterprise_linux_workstation — versions 6.0
- N/a — versions n/a
Weakness classification (CWE)
References
- MDVSA-2013:072 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
- RHSA-2013:0276 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- [oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- RHSA-2013:0579 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
- 54353 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
- RHSA-2013:0277 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)