ID CVE-2008-3350
Summary dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
References
Vulnerable Configurations
  • cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*
    cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
mlist [dnsmasq-discuss] 20080720 dnsmasq 2.44 available.
secunia 31197
vupen ADV-2008-2166
xf
  • dnsmasq-dhcpinform-dos(43960)
  • dnsmasq-dhcplease-dos(43957)
statements via4
contributor Mark J Cox
lastmodified 2008-07-30
organization Red Hat
statement Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.
Last major update 08-08-2017 - 01:31
Published 28-07-2008 - 17:41
Back to Top