Vigil@nce - Dnsmasq: listening on all interfaces via libvirt and TCP
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Dnsmasq is installed on a server using libvirt, Dnsmasq
accepts TCP queries coming from all interfaces, so an attacker can
for example create a distributed denial of service.
Impacted products: Dnsmasq
Severity: 1/4
Creation date: 18/01/2013
DESCRIPTION OF THE VULNERABILITY
The VIGILANCE-VUL-11750 (https://vigilance.fr/tree/1/11750)
bulletin describes a vulnerability of Dnsmasq with libvirt, which
accepts queries coming from all interfaces.
This vulnerability was corrected (VIGILANCE-SOL-26802
(https://vigilance.fr/tree/2/26802)) for DNS packets on UDP.
However, an attacker can still use DNS packets on TCP.
When Dnsmasq is installed on a server using libvirt, Dnsmasq
therefore accepts TCP queries coming from all interfaces, so an
attacker can for example create a distributed denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Dnsmasq-listening-on-all-interfaces-via-libvirt-and-TCP-12340