Lucene search
Ubuntu.comUB:CVE-2012-3411HistoryMar 05, 2013 - 12:00 a.m.
CVE-2012-3411
2013-03-0500:00:00
ubuntu.com
ubuntu.com
31
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.021
Percentile
89.3%
Dnsmasq before 2.63test1, when used with certain libvirt configurations,
replies to requests from prohibited interfaces, which allows remote
attackers to cause a denial of service (traffic amplification) via a
spoofed DNS query.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=833033>
- <https://bugzilla.redhat.com/show_bug.cgi?id=838528>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372>
Notes
| Author | Note |
|---|---|
| jdstrand | patch sent upstream but not yet sent upstream or in the git repository (http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary) |
| mdeslaur | upstream has added a new --bind-dynamic option in 2.63 instead of using the RH patch. libvirt needs to be modified to use --bind-dynamic also. |
| seth-arnold | (pt2) fixes a likely FTBFS introduced by (pt1) – there may be more, the commit message didn’t make finding this one easy |
| mdeslaur | changes are intrusive and may introduce behaviour changes in stable releases. We will not be backporting this fix. Marking as ignored. |
Related
openvas
openvas
CentOS Update for dnsmasq CESA-2013:0277 centos6
2013-03-12 00:00:00
RedHat Update for dnsmasq RHSA-2013:0277-02
2013-02-22 00:00:00
RedHat Update for libvirt RHSA-2013:0276-02
2013-02-22 00:00:00
centos
centos
libvirt security update
2013-02-27 19:36:11
dnsmasq security update
2013-02-27 19:34:22
prion
prion
Code injection
2013-03-05 21:38:00
Code injection
2013-03-05 21:38:00
nessus
nessus
Fedora 17 : dnsmasq-2.63-1.fc17 (2012-12598)
2012-09-12 00:00:00
dnsmasq < 2.63test1 libvirtd TCP Network Packet Parsing Response DNS Amplification DoS
2015-12-22 00:00:00
Fedora 17 : libvirt-0.9.11.8-2.fc17 (2012-20531)
2013-01-04 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 18 Update: libvirt-0.10.2.2-3.fc18
2012-12-20 05:38:21
[SECURITY] Fedora 17 Update: dnsmasq-2.63-1.fc17
2012-09-12 00:31:29
[SECURITY] Fedora 17 Update: libvirt-0.9.11.8-2.fc17
2013-01-03 07:24:39
nvd
nvd
CVE-2012-3411
2013-03-05 21:38:54
CVE-2013-0198
2013-03-05 21:38:54
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:56:53
cvelist
cvelist
CVE-2012-3411
2013-03-04 21:00:00
CVE-2013-0198
2013-03-04 21:00:00
amazon
amazon
Medium: dnsmasq
2013-03-02 16:49:00
debiancve
debiancve
CVE-2012-3411
2013-03-05 21:38:54
CVE-2013-0198
2013-03-05 21:38:54
oraclelinux
oraclelinux
dnsmasq security, bug fix and enhancement update
2013-02-22 00:00:00
libvirt security, bug fix, and enhancement update
2013-02-27 00:00:00
cve
cve
CVE-2012-3411
2013-03-05 21:38:54
CVE-2013-0198
2013-03-05 21:38:54
ubuntucve
ubuntucve
CVE-2013-0198
2013-03-05 00:00:00
gentoo
gentoo
Dnsmasq: Denial of Service
2014-06-25 00:00:00
osv
osv
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.021
Percentile
89.3%
Related for UB:CVE-2012-3411