N/A

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

N/A

不恰当实现的标准安全检查

dnsmasq 安全漏洞

dnsmasq是一款使用C语言编写的轻量级DNS转发和DHCP、TFTP服务器。 dnsmasq 存在安全漏洞，该漏洞源于随机源端口行为被禁用，使得缓存攻击成为可能。

N/A

N/A