FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnsmasq -- cache poisoning vulnerability in certain configurations

Affected packages
dnsmasq < 2.85.r1,1
dnsmasq-devel < 2.85.r1,3


VuXML ID 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Discovery 2021-03-17
Entry 2021-03-18

Simon Kelley reports:

[In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible.

This only affects configurations of the form server= or server=, i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager.


CVE Name CVE-2021-3448