Bug 231282 - net-dns/dnsmasq possibly affected by cache poisoning issue VU#800113 ?
Bug#: 231282 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: vorlon@gentoo.org
Component: Vulnerabilities
URL:  http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002147.html
Summary: net-dns/dnsmasq possibly affected by cache poisoning issue VU#800113 ?
Keywords:  
Status Whiteboard: ?? [glsa]
Opened: 2008-07-09 10:48 0000
Description:   Opened: 2008-07-09 10:48 0000 
dnsmasq is probably affected by the cache poisoning issues too, see $URL

------- Comment #1 From Patrick McLean 2008-07-09 18:25:50 0000 ------- 
Yes, it does appear to be affected, I will update the version in portage as
soon as a fix is out.

------- Comment #2 From Patrick McLean 2008-07-09 21:49:00 0000 ------- 
comitted net-dns/dnsmasq-2.43_rc3 which should have the fix (although it is
unclear if dnsmasq is affected)

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html

------- Comment #3 From Matt Connor 2008-07-10 00:40:11 0000 ------- 
I've tested both versions. I noticed that in the recently committed version
that dnsmasq doesn't leave a high numbered UDP port open (in my case it was
32781)

output of netstat -an | grep udp

Version 2.42:
udp        0      0 0.0.0.0:32781           0.0.0.0:*                           
udp        0      0 0.0.0.0:53              0.0.0.0:*                           

Version 2.43rc3:                 
udp        0      0 0.0.0.0:53              0.0.0.0:*

------- Comment #4 From Matthias Geerdsen 2008-07-11 14:50:04 0000 ------- 
Arches, please test and mark stable:
=net-dns/dnsmasq-2.43
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

------- Comment #5 From Jeroen Roovers 2008-07-11 15:22:16 0000 ------- 
Stable for HPPA.

------- Comment #6 From Patrick McLean 2008-07-11 15:26:34 0000 ------- 
stable on amd64

------- Comment #7 From Friedrich Oslage 2008-07-11 15:50:38 0000 ------- 
sparc stable

------- Comment #8 From Raúl Porcel 2008-07-11 16:22:53 0000 ------- 
alpha/ia64/x86 stable

------- Comment #9 From Markus Rothe 2008-07-12 14:24:21 0000 ------- 
ppc64 stable

------- Comment #10 From Tobias Scherbaum 2008-07-13 17:25:46 0000 ------- 
ppc stable

------- Comment #11 From Pierre-Yves Rofes 2008-07-13 19:25:24 0000 ------- 
Since bind got a GLSA, I guess we'll have another one, but maybe we should
combine with other DNS resolvers? Anyway, glsa reques filed.

------- Comment #12 From Robert Buchholz 2008-09-04 20:12:33 0000 ------- 
GLSA 200809-02