CVE-2008-3350 - dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DH

CVE-2008-3350

Summary

dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.

References

Vulnerable Configurations

cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*
cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
mlist	[dnsmasq-discuss] 20080720 dnsmasq 2.44 available.
secunia	31197
vupen	ADV-2008-2166
xf	dnsmasq-dhcpinform-dos(43960) dnsmasq-dhcplease-dos(43957)

statements via4

contributor	Mark J Cox
lastmodified	2008-07-30
organization	Red Hat
statement	Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.

Last major update

08-08-2017 - 01:31

Published

28-07-2008 - 17:41

Last modified

08-08-2017 - 01:31