{"vulnerability": "CVE-2020-25684", "sightings": [{"uuid": "64226d37-3c3c-41f1-b5dc-10e48390e763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/VulnerabilityNews/19765", "content": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. 
The highest threat from this vulnerability is to data integrity.\nPublished at: January 20, 2021 at 05:15PM\nView on website", "creation_timestamp": "2021-01-20T18:46:27.000000Z"}, {"uuid": "74857ead-4c27-4aa3-87b8-45292074d607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/dnspooq-haavoittuvuusjoukko-laajalti-kaytossa-olevassa-dnsmasq-ohjelmistossa", "content": "", "creation_timestamp": "2021-01-20T11:02:54.000000Z"}, {"uuid": "72ffc507-cd93-4de0-8d51-a64dda0f946e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/cibsecurity/22430", "content": "\u203c CVE-2020-25686 \u203c\n\nA flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. 
The highest threat from this vulnerability is to data integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T20:27:21.000000Z"}, {"uuid": "d3f06afa-f7f1-4415-a280-d205a0e80ee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/true_secator/1346", "content": "Researchers at the JOSF lab of the Hebrew University of Jerusalem have released a report on a set of vulnerabilities they discovered that allow DNS spoofing (modifying the DNS cache so that a false IP address is returned to the user) and remote code execution (RCE), which they named DNSpooq. 
\n\nDNSpooq consists of 7 vulnerabilities in the open-source DNS server dnsmasq, which is widely used in IoT, home and corporate routers, and even in Android phones. All the bugs fall into two types: three (CVE-2020-25684, 25685, 25686) allow DNS spoofing, while the other four (CVE-2020-25681, 25682, 25683, 25687) lead to RCE through a heap overflow. 
By combining exploits for the vulnerabilities, the researchers were able to substantially reduce the complexity of the attack.\n\nThe funniest part is that all of the discovered vulnerabilities are tied to a clumsy implementation of the DNSSEC protocol, which is meant precisely to improve DNS security. 
Thus, the user of a device with a vulnerable version of dnsmasq can disable DNSSEC to avoid attacks that exploit the DNSpooq bugs, but will then become vulnerable to older DNS spoofing attacks.\n\nInstead of disabling DNSSEC, the researchers recommend updating dnsmasq to a safe version, but, as we know, far from all IoT devices receive firmware updates on time.\n\nAmong the vulnerable devices are 
some ASUS, Cisco and D-Link routers, Honor and Motorola smartphones, and even the Red Hat distribution. Major vendors have already released fixes.\n\nThe full list of vulnerable devices is available at the link.", "creation_timestamp": "2021-01-20T14:02:00.000000Z"}, {"uuid": "3134c236-4261-438a-b1c7-001dc3862dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/cibsecurity/22350", "content": "\u203c CVE-2020-25685 \u203c\n\nA flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. 
This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:27:29.000000Z"}, {"uuid": "82d72d9f-6fc0-41e6-ae73-4c66d406065d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2605", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (January 1-31)\nCVE-2021-3156:\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-16875:\nhttps://t.me/cybersecuritytechnologies/1751\nCVE-2020-29583:\nhttps://t.me/cybersecuritytechnologies/2386\nCVE-2021-2109:\nhttps://t.me/cybersecuritytechnologies/2540\nCVE-2020-17519:\nhttps://t.me/cybersecuritytechnologies/2473\nCVE-2020-25684/25685/25686:\nhttps://t.me/cybersecuritytechnologies/2534\nCVE-2021-3011:\nhttps://t.me/cybersecuritytechnologies/2447", "creation_timestamp": "2025-01-04T20:01:45.000000Z"}, {"uuid": "deda579b-3e17-4740-bc28-e4c545f34f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25684", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2534", "content": "#Whitepaper\n#Threat_Research\n\"DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq\", 2021.\n// CVE-2020-25684, CVE-2020-25685, \nCVE-2020-25686 - DNS-spoofing; CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687 - RCE.", "creation_timestamp": "2021-01-21T02:28:28.000000Z"}]}