dnsmasq might be vulnerable to recent DNS spoofing issue
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dnsmasq (Debian) |
Fix Released
|
Unknown
|
|||
dnsmasq (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: dnsmasq
We received the following information from Simon Kelley (dnsmasq developer) :
-------------
You've probably noticed the great publicity over the latest putative DNS exploit.
http://
CERT is sure that dnsmasq is vulnerable, so I've released version 2.43 which adds query port randomisation and a better random number generator. I'm assured this is enough to close the hole. (the exact nature of which is not known to me.)
I'm not sure what Ubuntu's procedures are for stable security updates, but a backport to 2.41 in Hardy should be no problem. (Debian security have done it back to 2.35 in Etch)
I'm attaching a diff giving the changes related to this in 2.43. This is marginally out-of-date: once applied, edit the new function random_sock() to call fix_fd() on the socket file descriptor. Check the released 2.43 code for details.
-------------
It's difficult to assess if dnsmasq is really vulnerable without more knowledge on the vulnerability (the only info I have is that dnsmasq doesn't recurse, and Dan said "if it recurses, patch it"), better safe than sorry, I suppose.
CVE References
Changed in dnsmasq: | |
status: | Unknown → Fix Released |
Changed in dnsmasq: | |
status: | New → In Progress |
Changed in dnsmasq: | |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
Debdiff for the security update in hardy
This is based on Simon's patch but applied over 2.41 (minus the version change in config.h, plus the fix_fd call in network.c). Not heavily tested.