CVE-2012-3411 — MEDIUM (5.0)

Q: How severe is CVE-2012-3411?

CVE-2012-3411 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-3411?

Check the references section above for vendor advisories and patch information. Affected products include: Thekelleys Dnsmasq, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Thekelleys	Dnsmasq	<= 2.62
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-20

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372Issue TrackingThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0276.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0277.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0579.htmlThird Party Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=2f38141f434e23
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=54dd393f3938fc
http://www.mandriva.com/security/advisories?name=MDVSA-2013:072Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/07/12/5Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/54353Third Party AdvisoryVDB Entry
http://www.thekelleys.org.uk/dnsmasq/CHANGELOGRelease NotesVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=833033Issue TrackingPatchThird Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372Issue TrackingThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0276.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0277.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0579.htmlThird Party Advisory

FAQ

What is CVE-2012-3411?

CVE-2012-3411 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificati...

How severe is CVE-2012-3411?

CVE-2012-3411 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-3411?

Check the references section above for vendor advisories and patch information. Affected products include: Thekelleys Dnsmasq, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.