Product Security Advisory: Vulnerabilities in Dnsmasq
Recently published research has identified two sets of vulnerabilities in dnsmasq, one set of memory corruption issues handling DNSSEC and a second set of issues validating DNS responses. The following Common Vulnerability and Exposure (CVE) identifiers have been assigned to each of the vulnerabilities:
- DNSSEC handling code.
- CVE-2020-25681 (CVSS 8.1) A heap-based buffer overflow in dnsmasq in the way it sorts RRSets before validating them with DNSSEC data.
- CVE-2020-25682 (CVSS 8.1) A buffer overflow vulnerability in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data.
- CVE-2020-25683 (CVSS 5.9) A heap-based buffer overflow in get_rdata subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries.
- CVE-2020-25687 (CVSS 5.9) A heap-based buffer overflow in sort_rrset subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries.
- DNS response validation.
- CVE-2020-25684 (CVSS 4.0) Dnsmasq does not validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses.
- CVE-2020-25685 (CVSS 4.0) Dnsmasq uses a weak hashing algorithm (CRC32) when compiled without DNSSE to validate DNS responses.
- CVE-2020-25686 (CVSS 4.0) Dnsmasq does not check for an existing pending request for the same name and forwards a new request thus allowing an attacker to do a "Birthday Attack" scenario to forge replies and potentially poison the DNS cache.
Affected Products
The following table lists the product impacts of the two sets of vulnerabilities listed above and the current state of remediation planning. This bulletin will be updated when firmware update release dates are finalized. Please visit https://sierrawireless.com/security for the latest information
Product
DNSSEC Handling Code
DNS Response Validation
Fix Version
Target Release Date
ALEOS 4.4.X
ALEOS 4.4.X
ALEOS 4.4.X
Airlink OS 2.0
Airlink OS 20.06
ACM 2.1 (FIPS)
WP76xx
WP77xx
WP85xx
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
Affected
No Fix Planned
4.9.6
4.15.0
Airlink OS 2.1
Airlink OS 2.1
ACM 2.1.1
R17 BP7
RM15
No Fix Planned
No Fix Planned
February 2021
June 2021
June 2021
June 2021
October 2021
April 2021
TBD
No Fix Planned
Recommended Actions
Sierra Wireless recommends upgrading to the latest version for your products as soon as they become
available.
Credits
Sierra Wireless would like to thank JSOF for discovering and responsibly reporting these issues, as well as the efforts of CERT/CC for coordinating the response. For more information please refer to the links below:
Contact USAT
If you need help updating your AirLink devices, and have an active DevProv+ plan with USAT please file a support ticket. If you're in need of new AirLink solutions, please reach out to us using one of the three contact methods detailed below.
For More Information:
- Give Us a Call: (919) 942-4214
- Send Us an Email: info@usatcorp.com
- Request a Consultant: Click Here
Share this Post
