製品・ソフトウェアに関する情報

JVN脆弱性詳細

Dnsmasq におけるサービス運用妨害 (トラフィック増幅) の脆弱性

Title	Dnsmasq におけるサービス運用妨害 (トラフィック増幅) の脆弱性
Summary	Dnsmasq は、特定の設定の libvirt と共に使用された場合、意図しないインターフェイスからのリクエストに応答するため、サービス運用妨害 (トラフィック増幅) 状態となる脆弱性が存在します。
Possible impacts	第三者により、偽装された DNS クエリを介して、サービス運用妨害 (トラフィック増幅) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 5, 2013, midnight
Registration Date	March 7, 2013, 7 p.m.
Last Update	March 7, 2013, 7 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

thekelleys

Dnsmasq 2.63test1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3411	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411
National Vulnerability Database (NVD)
2	CVE-2012-3411	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3411

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Debian Bug report logs
1	#683372	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
Red Hat Bugzilla
2	Bug 833033	https://bugzilla.redhat.com/show_bug.cgi?id=833033
Red Hat Security Advisory
3	RHSA-2013:0276	http://rhn.redhat.com/errata/RHSA-2013-0276.html
4	RHSA-2013:0277	http://rhn.redhat.com/errata/RHSA-2013-0277.html
thekelleys
5	Add --bind-dynamic v2.63test1	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0
6	CHANGELOG	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
7	Don't elide code needed for --bind-dynamic if compiled without IPv6.	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147

Change Log

No	Changed Details	Date of change
0	[2013年03月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-3411

Summary	Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Publication Date	March 6, 2013, 6:38 a.m.
Registration Date	Jan. 28, 2021, 3 p.m.
Last Update	Nov. 21, 2024, 10:40 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:thekelleys:dnsmasq::::::::			2.62

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372	Issue Tracking Third Party Advisory
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372	Issue Tracking Third Party Advisory
3	http://rhn.redhat.com/errata/RHSA-2013-0276.html	Third Party Advisory
4	http://rhn.redhat.com/errata/RHSA-2013-0276.html	Third Party Advisory
5	http://rhn.redhat.com/errata/RHSA-2013-0277.html	Third Party Advisory
6	http://rhn.redhat.com/errata/RHSA-2013-0277.html	Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2013-0579.html	Third Party Advisory
8	http://rhn.redhat.com/errata/RHSA-2013-0579.html	Third Party Advisory
9	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
10	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23292f84cefc33e8de76fb856147
11	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
12	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc0c19088fbd319b95e37d81a2b0
13	http://www.mandriva.com/security/advisories?name=MDVSA-2013:072	Third Party Advisory
14	http://www.mandriva.com/security/advisories?name=MDVSA-2013:072	Third Party Advisory
15	http://www.openwall.com/lists/oss-security/2012/07/12/5	Mailing List Third Party Advisory
16	http://www.openwall.com/lists/oss-security/2012/07/12/5	Mailing List Third Party Advisory
17	http://www.securityfocus.com/bid/54353	Third Party Advisory VDB Entry
18	http://www.securityfocus.com/bid/54353	Third Party Advisory VDB Entry
19	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG	Release Notes Vendor Advisory
20	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG	Release Notes Vendor Advisory
21	https://bugzilla.redhat.com/show_bug.cgi?id=833033	Issue Tracking Patch Third Party Advisory
22	https://bugzilla.redhat.com/show_bug.cgi?id=833033	Issue Tracking Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html