Open Resolver Vulnerability in Dnsmasq with Fedora and Red Hat Enterprise Linux
CVE-2020-14312

5.9MEDIUM

Key Information:

Vendor: Fedoraproject
Status: Dnsmasq
Vendor: CVE Published:; 6 February 2021

Summary

A flaw exists in the default configuration of dnsmasq, commonly included with Fedora prior to version 31 and all versions of Red Hat Enterprise Linux. The service listens for DNS queries on any interface and is configured to accept requests from addresses outside its local subnet, primarily due to the 'local-service' option being disabled. This misconfiguration can lead to dnsmasq functioning as an open resolver, exposing it to the internet. Consequently, this vulnerability could be exploited by attackers to mount Distributed Denial of Service (DDoS) attacks against other systems.

Affected Version(s)

dnsmasq Fedora version prior to 31

dnsmasq all RHEL versions

References

https://bugzilla.redhat.com/show_bug.cgi?id=1851342

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2021
Vulnerability Reserved
Jun 17, 2020