Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-14312

Опубликовано: 06 фев. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.9

Описание

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

РелизСтатусПримечание
bionic

not-affected

2.79-1
devel

not-affected

eoan

not-affected

esm-infra-legacy/trusty

ignored

esm-infra/bionic

not-affected

2.79-1
esm-infra/focal

not-affected

esm-infra/xenial

not-affected

2.75-1ubuntu0.16.04.5
focal

not-affected

precise/esm

ignored

trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00132
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-14312

CVSS3: 4
redhat
больше 5 лет назад

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

nvd логотип

CVE-2020-14312

CVSS3: 5.9
nvd
около 5 лет назад

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

debian логотип

CVE-2020-14312

CVSS3: 5.9
debian
около 5 лет назад

A flaw was found in the default configuration of dnsmasq, as shipped w ...

github логотип

GHSA-xr95-5hhj-crp6

CVSS3: 5.9
github
больше 3 лет назад

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

suse-cvrf логотип

openSUSE-SU-2021:3530-1

suse-cvrf
больше 4 лет назад

Security update for dnsmasq

EPSS

Процентиль: 33%
0.00132
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3