CVE-2020-25685
Description
A flaw was found in dnsmasq before version 2.83. When it receives a reply to a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query the reply matches, using only a weak hash of the query name. Because the hash is weak (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), an off-path attacker can find several different domains that all have the same hash, substantially reducing the number of attempts needed to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC 5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS cache poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
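The difference between matching a reply by a hash of the query name and matching it on the full question, as RFC 5452 requires, is shown in the added example below. It is not dnsmasq code: the `pending` struct, the function names, the byte-sum stand-in hash and the sample names are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for a weak name hash (a byte sum). The description
   names CRC32 and SHA-1; the byte sum just makes a collision easy to see. */
static uint32_t weak_hash(const char *name) {
    uint32_t h = 0;
    while (*name) h += (unsigned char)*name++;
    return h;
}

/* Hypothetical record of one forwarded query awaiting its reply. */
struct pending {
    uint16_t id, qtype, qclass; /* transaction ID and question type/class */
    char qname[256];            /* full name, kept so it can be compared */
    uint32_t name_hash;         /* all that a hash-only matcher keeps */
};

struct pending make_pending(uint16_t id, const char *name) {
    struct pending p = { .id = id, .qtype = 1, .qclass = 1 };
    strncpy(p.qname, name, sizeof p.qname - 1);
    p.name_hash = weak_hash(name);
    return p;
}

/* Weak matching as described above: the name is checked only by its hash. */
int match_hash_only(const struct pending *p, uint16_t id, const char *rname) {
    return p->id == id && p->name_hash == weak_hash(rname);
}

/* RFC 5452 matching: ID plus the full question (name, type, class). */
int match_full(const struct pending *p, uint16_t id, const char *rname,
               uint16_t rtype, uint16_t rclass) {
    return p->id == id && p->qtype == rtype && p->qclass == rclass &&
           strcasecmp(p->qname, rname) == 0;
}

int main(void) {
    struct pending p = make_pending(0x1a2b, "ab.example.test");
    /* "ba.example.test" is a constructed name with the same byte sum. */
    printf("hash-only, other name: %d\n", match_hash_only(&p, 0x1a2b, "ba.example.test"));
    printf("full, other name:      %d\n", match_full(&p, 0x1a2b, "ba.example.test", 1, 1));
    printf("full, same name:       %d\n", match_full(&p, 0x1a2b, "AB.example.test", 1, 1));
    return 0;
}
```

The hash-only matcher accepts a reply for a different name whenever the hashes agree, while the full comparison rejects it and still accepts the original name regardless of letter case.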
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq_2.79-1ubuntu0.2_all.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq_2.82-1ubuntu1.1_all.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq_2.80-1.1ubuntu1.2_all.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq_2.75-1ubuntu0.16.04.7_all.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.79-1ubuntu0.2_i386.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.79-1ubuntu0.2_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.82-1ubuntu1.1_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.80-1.1ubuntu1.2_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.75-1ubuntu0.16.04.7_i386.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-base_2.75-1ubuntu0.16.04.7_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.79-1ubuntu0.2_i386.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.79-1ubuntu0.2_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.82-1ubuntu1.1_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.80-1.1ubuntu1.2_amd64.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.75-1ubuntu0.16.04.7_i386.deb | Linux |
| Small caching DNS proxy and DHCP/TFTP server (USN-4698-1) dnsmasq-utils_2.75-1ubuntu0.16.04.7_amd64.deb | Linux |
| (RHSA-2021:0150) dnsmasq security update dnsmasq-2.79-13.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0150) dnsmasq security update dnsmasq-debugsource-2.79-13.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0150) dnsmasq security update dnsmasq-utils-2.79-13.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0153) dnsmasq security update dnsmasq-2.76-16.el7_9.1.x86_64.rpm | Linux |
| (RHSA-2021:0153) dnsmasq security update dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm | Linux |
| dnsmasq security update(DSA-4844-1) dnsmasq_2.80-1+deb10u1_all.deb | Linux |
| Dnsmasq update (ELSA-2021-0150) dnsmasq-2.79-13.el8_3.1.x86_64.rpm | Linux |
| Dnsmasq-utils update (ELSA-2021-0150) dnsmasq-utils-2.79-13.el8_3.1.x86_64.rpm | Linux |
| Dnsmasq update (ELSA-2021-0153) dnsmasq-2.76-16.el7_9.1.x86_64.rpm | Linux |
| Dnsmasq-utils update (ELSA-2021-0153) dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm | Linux |
| (CESA-2021:0153) dnsmasq security update dnsmasq-2.76-16.el7_9.1.x86_64.rpm | Linux |
| (CESA-2021:0153) dnsmasq security update dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0166-1(SUSE Linux Enterprise Server 12-SP5 ) dnsmasq-2.78-18.15.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0166-1(SUSE Linux Enterprise Server 12-SP5 ) dnsmasq-debuginfo-2.78-18.15.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0166-1(SUSE Linux Enterprise Server 12-SP5 ) dnsmasq-debugsource-2.78-18.15.1.x86_64.rpm | Linux |
| (RHSA-2021:0153)Moderate: security update dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm | Linux |
| Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 For Cisco Aironet 1850 Series Access Points | NCM |
| Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 For Cisco IP Phone 8800 Series | NCM |
| Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 For Cisco TelePresence Video Communication Server (VCS) | NCM |
| Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021 For Cisco Nexus 9000 Series Switches | NCM |
| Inadequate Encryption Strength Vulnerability (CVE-2020-25685) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1705928 | Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136) |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1705194 | Security Update for Cisco TelePresence Video Communication Server (VCS) X14.0 |
| PATCH-1706000 | Security Update for Cisco Nexus 9000 Series Switches 15.1(4c) |