You are here

CVE-2012-3411

Vincent (CVE) Danen's picture
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

Details Source

Mitre

Statement

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Public Date

2012-07-09 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-3411 libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks

Bugzilla ID

833 033

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Red Hat Security Errata

Platform Errata Release Date
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) RHSA-2013:0579 2013-02-28
Red Hat Enterprise Linux 6 (dnsmasq) RHSA-2013:0277 2013-02-20
Red Hat Enterprise Linux 6 (libvirt) RHSA-2013:0276 2013-02-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 dnsmasq Will not fix