Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-627-1] Dnsmasq vulnerability
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 22 Jul 2008 12:37:02 -0400

=========================================================== 
Ubuntu Security Notice USN-627-1              July 22, 2008
dnsmasq vulnerability
CVE-2008-1447
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  dnsmasq-base                    2.41-2ubuntu2.1

After a standard system upgrade you need to restart Dnsmasq to effect
the necessary changes.

Details follow:

Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Dnsmasq. A remote attacker could exploit this to spoof DNS entries
and poison DNS caches. Among other things, this could lead to
misdirected email and web traffic.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1.diff.gz
      Size/MD5:    22023 89c0f060733a11e414ef1fa634b17149
    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1.dsc
      Size/MD5:      698 e44ebdb66be7abcaba3f1558b9379abb
    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41.orig.tar.gz
      Size/MD5:   357997 8d0acd6656299a800c4d1be5a1193e39

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1_all.deb
      Size/MD5:    11962 fbe42757babf0522e92a48438cdf7d0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_amd64.deb
      Size/MD5:   210032 015334862975edd0c6157624b9b4cd6b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_i386.deb
      Size/MD5:   202466 87bebd172bae955ef2ae8f2de323a737

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_lpia.deb
      Size/MD5:   202996 8938160f148e63de63cad64e2721c6d6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_powerpc.deb
      Size/MD5:   210320 865aa2d674736978b2b00a8623267fc4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_sparc.deb
      Size/MD5:   204034 211f90a72d775d1987b6c3179786546f


Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-627-1] Dnsmasq vulnerability Jamie Strandboge (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault