
Bug 231282

Summary: net-dns/dnsmasq possibly affected by cache poisoning issue VU#800113 ?
Product: Gentoo Security Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chutzpah, holger, matt
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002147.html
Whiteboard: ?? [glsa]
Package list:
Runtime testing required: ---

Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-07-09 10:48:49 UTC
dnsmasq is probably affected by the cache poisoning issues too, see $URL
Comment 1 Patrick McLean gentoo-dev 2008-07-09 18:25:50 UTC
Yes, it does appear to be affected, I will update the version in portage as soon as a fix is out.
Comment 2 Patrick McLean gentoo-dev 2008-07-09 21:49:00 UTC
committed net-dns/dnsmasq-2.43_rc3 which should have the fix (although it is unclear if dnsmasq is affected)

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html
Comment 3 Matt Connor 2008-07-10 00:40:11 UTC
I've tested both versions. I noticed that in the recently committed version dnsmasq doesn't leave a high numbered UDP port open (in my case it was 32781).

output of netstat -an | grep udp

Version 2.42:
udp        0      0 0.0.0.0:32781           0.0.0.0:*                           
udp        0      0 0.0.0.0:53              0.0.0.0:*                           

Version 2.43rc3:                 
udp        0      0 0.0.0.0:53              0.0.0.0:*                           
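
The comparison in the comment above as a script (an added example, not part of the bug report or of dnsmasq): it reads `netstat -an` output and lists unconnected UDP sockets on ports other than 53, then reports which of them persist between two captures. It assumes a socket that persists is the one the resolver sends upstream queries from; `SNAP_242_LATER` is a constructed second capture.

```shell
#!/bin/sh
# Added example: find long-lived UDP sockets, other than the DNS service
# port, in `netstat -an` output.

# The two captures quoted in the comment above.
SNAP_242='udp        0      0 0.0.0.0:32781           0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*'
SNAP_243='udp        0      0 0.0.0.0:53              0.0.0.0:*'
# Constructed: a later capture of the 2.42 host with one unrelated extra socket.
SNAP_242_LATER='udp        0      0 0.0.0.0:32781           0.0.0.0:*
udp        0      0 0.0.0.0:41234           0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*'

# udp_listener_ports SERVICE_PORT  (netstat output on stdin)
# Prints every unconnected UDP local port except SERVICE_PORT, sorted.
udp_listener_ports() {
    awk -v svc="$1" '
        $1 ~ /^udp/ && ($5 == "0.0.0.0:*" || $5 == ":::*") {
            n = split($4, a, ":")    # port is the last colon-separated field
            if (a[n] != svc) print a[n]
        }' | sort -un
}

# persistent_udp_ports SERVICE_PORT CAPTURE_A CAPTURE_B
# Prints the ports found in both captures: a port that is still bound in a
# later capture is a fixed socket, not a short-lived per-query one.
persistent_udp_ports() {
    first=$(printf '%s\n' "$2" | udp_listener_ports "$1")
    second=$(printf '%s\n' "$3" | udp_listener_ports "$1")
    for p in $first; do
        for q in $second; do
            if [ "$p" = "$q" ]; then echo "$p"; fi
        done
    done
    return 0
}

echo "2.42 extra UDP ports:    $(printf '%s\n' "$SNAP_242" | udp_listener_ports 53)"
echo "2.43rc3 extra UDP ports: $(printf '%s\n' "$SNAP_243" | udp_listener_ports 53)"
echo "2.42 persistent ports:   $(persistent_udp_ports 53 "$SNAP_242" "$SNAP_242_LATER")"
```

On a live host, feed it two `netstat -an` captures taken some minutes apart while queries are being forwarded.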
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2008-07-11 14:50:04 UTC
Arches, please test and mark stable:
=net-dns/dnsmasq-2.43
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2008-07-11 15:22:16 UTC
Stable for HPPA.
Comment 6 Patrick McLean gentoo-dev 2008-07-11 15:26:34 UTC
stable on amd64
Comment 7 Friedrich Oslage (RETIRED) gentoo-dev 2008-07-11 15:50:38 UTC
sparc stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-07-11 16:22:53 UTC
alpha/ia64/x86 stable
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2008-07-12 14:24:21 UTC
ppc64 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2008-07-13 17:25:46 UTC
ppc stable
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-13 19:25:24 UTC
Since bind got a GLSA, I guess we'll have another one, but maybe we should combine with other DNS resolvers? Anyway, glsa request filed.
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2008-09-04 20:12:33 UTC
GLSA 200809-02