Vulnerability Name:

CVE-2008-3350 (CCN-43957)

Assigned:2008-07-20
Published:2008-07-20
Updated:2017-08-08
Summary:dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: gmane Mailing List, 2008-07-20 14:20:09 GMT
dnsmasq 2.44 available

Source: MLIST
Type: Patch
[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.

Source: MITRE
Type: CNA
CVE-2008-3350

Source: CCN
Type: SA31197
dnsmasq Denial of Service and DNS Cache Poisoning

Source: SECUNIA
Type: Vendor Advisory
31197

Source: CCN
Type: GLSA-200809-02
dnsmasq: Denial of Service and DNS spoofing

Source: CONFIRM
Type: UNKNOWN
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Source: CCN
Type: Dnsmasq Web page
Dnsmasq

Source: VUPEN
Type: UNKNOWN
ADV-2008-2166

Source: XF
Type: UNKNOWN
dnsmasq-dhcplease-dos(43957)

Source: XF
Type: UNKNOWN
dnsmasq-dhcplease-dos(43957)

Source: XF
Type: UNKNOWN
dnsmasq-dhcpinform-dos(43960)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-3350 (CCN-43960)

    Assigned:2008-07-20
    Published:2008-07-20
    Updated:2008-07-20
    Summary:Dnsmasq is vulnerable to a denial of service, caused by the improper performing of DHCPINFORM by a host without a lease. A remote attacker could exploit this vulnerability to cause the service to crash.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2008-3350

    Source: CCN
    Type: SA31197
    dnsmasq Denial of Service and DNS Cache Poisoning

    Source: CCN
    Type: GLSA-200809-02
    dnsmasq: Denial of Service and DNS spoofing

    Source: CCN
    Type: Dnsmasq Web page
    Dnsmasq

    Source: XF
    Type: UNKNOWN
    dnsmasq-dhcpinform-dos(43960)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    the_kelleys dnsmasq 2.43
    thekelleys dnsmasq 2.43
    gentoo linux *