DNS Cache Poisoning Vulnerability in Dnsmasq Product by The Kelleys
CVE-2005-0877

7.5HIGH

Key Information:

Vendor

Dnsmasq

Status
Dnsmasq
Vendor
CVE Published:
2 May 2005

What is CVE-2005-0877?

Dnsmasq, a lightweight DNS forwarder and DHCP server, is vulnerable to a DNS cache poisoning attack due to improper handling of responses. Attackers can exploit this flaw by sending malicious DNS responses to queries that were not initiated by Dnsmasq. This may lead to users being misdirected to malicious or erroneous websites, thereby compromising the integrity of the network. It is crucial for system administrators to update their Dnsmasq installations to version 2.21 or later to mitigate this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19826
vdb-entryx_refsource_XF
http://secunia.com/advisories/14691
third-party-advisoryx_refsource_SECUNIA
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.