CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
89.3%
Dnsmasq before 2.63test1, when used with certain libvirt configurations,
replies to requests from prohibited interfaces, which allows remote
attackers to cause a denial of service (traffic amplification) via a
spoofed DNS query.
Author | Note |
---|---|
jdstrand | patch sent upstream but not yet sent upstream or in the git repository (http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary) |
mdeslaur | upstream has added a new --bind-dynamic option in 2.63 instead of using the RH patch. libvirt needs to be modified to use --bind-dynamic also. |
seth-arnold | (pt2) fixes a likely FTBFS introduced by (pt1) – there may be more, the commit message didn’t make finding this one easy |
mdeslaur | changes are intrusive and may introduce behaviour changes in stable releases. We will not be backporting this fix. Marking as ignored. |