CVE-2020-14312

EUVD-2020-6464

06.02.2021, 00:15

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
fedoraproject	fedora	𝑥 < 31

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dnsmasq

bookworm	2.89-1 fixed
bullseye	2.85-1 fixed
sid	2.90-4 fixed
trixie	2.90-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

dnsmasq

bionic	not-affected
eoan	not-affected
focal	not-affected
trusty	ignored
xenial	not-affected

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1851342