IBM Security Privileged Identity Manager has addressed issues for dnsmasq as follows.
CVEID:CVE-2020-25684
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the failure to validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2020-25685
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the use of a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195082 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2020-25686
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the failure to check for an existing pending request for the same name. By performing a "Birthday Attack" scenario to forge replies, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
ISPIM | 2.1.1 |
Affected Product(s) | Version(s) | Remediation |
---|---|---|
ISPIM | 2.1.1 | 2.1.1-ISS-ISPIM-VA-FP0007 |
None