Vulnerability CVE-2021-3448

Vulnerability Name:

CVE-2021-3448 (CCN-199679)

Assigned:

2021-03-12

Published:

2021-03-12

Updated:

2022-10-27

Summary:

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

CVSS v3 Severity:

4.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
3.5 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

4.0 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
3.5 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-Other
CWE-358

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-3448

Source: CCN
Type: Red Hat Bugzilla - Bug 1939368
(CVE-2021-3448) - CVE-2021-3448 dnsmasq: fixed outgoing port used when --server is used with an interface name

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1939368

Source: XF
Type: UNKNOWN
dnsmasq-cve20213448-sec-bypass(199679)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5cd2571751

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-9433bedebd

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-62a5062b2d

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-20

Source: CCN
Type: dnsmasq GIT Repository
Use random source ports where possible if source addresses/interfaces in use.

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (Version < 2.85)

Configuration 2:

cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 9:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 10:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 11:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 12:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 13:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 14:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 15:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 16:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 17:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 18:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 19:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 20:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 21:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 22:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 23:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 24:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 25:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 26:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 27:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 28:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 29:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 30:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 31:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 32:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 33:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 34:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 35:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 36:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 37:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 38:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 39:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 40:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 41:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 42:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 43:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 44:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 45:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 46:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 47:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 48:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 49:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 50:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 51:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 52:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 53:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 54:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 55:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 56:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 57:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 58:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 59:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 60:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 61:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 62:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 63:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 64:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 65:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 66:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 67:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 68:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 69:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 70:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 71:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 72:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 73:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 74:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 75:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 76:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 77:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 78:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 79:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 80:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 81:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 82:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 83:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 84:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 85:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 86:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 87:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 88:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 89:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 90:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 91:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 92:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 93:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 94:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 95:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 96:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 97:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 98:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 99:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 100:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 101:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 102:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 103:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 104:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:thekelleys:dnsmasq:2.84:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7484	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:799	P	Security update for python (Moderate)	2022-10-04
oval:org.opensuse.security:def:3700	P	Security update for xorg-x11-server (Important)	2022-07-12
oval:org.opensuse.security:def:3514	P	gstreamer-plugins-base-1.8.3-13.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94539	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94626	P	libbrotli-devel-1.0.7-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2909	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95422	P	Security update for MozillaThunderbird (Important)	2022-05-17
oval:org.opensuse.security:def:6014	P	Security update for dnsmasq (Important)	2022-04-21
oval:org.opensuse.security:def:127260	P	Security update for dnsmasq (Important)	2022-04-21
oval:org.opensuse.security:def:125697	P	Security update for dnsmasq (Important)	2022-04-21
oval:org.opensuse.security:def:126863	P	Security update for dnsmasq (Important)	2022-04-21
oval:org.opensuse.security:def:99752	P	(Moderate)	2022-03-04
oval:org.opensuse.security:def:100063	P	(Moderate)	2022-01-20
oval:org.opensuse.security:def:112160	P	dnsmasq-2.86-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99159	P	(Important)	2021-11-10
oval:com.redhat.rhsa:def:20214153	P	RHSA-2021:4153: dnsmasq security and bug fix update (Moderate)	2021-11-09
oval:org.opensuse.security:def:111114	P	Security update for dnsmasq (Moderate)	2021-10-31
oval:org.opensuse.security:def:10354	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:101339	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:106044	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:70494	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:76370	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:9048	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:42135	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:108005	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:99553	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:92603	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:67302	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:73725	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:117519	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:5874	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:102135	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:106243	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:98964	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:92014	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:64603	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:9604	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:42233	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:108801	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:105654	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:92802	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:69744	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:73911	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:6213	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:106442	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:92209	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:64789	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:9803	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:105849	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:69943	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:76031	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:8853	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:106729	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:99354	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:111766	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:92404	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:66963	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:105696	P	dnsmasq-2.86-1.1 on GA media (Moderate)	2021-10-01

BACK