VAR-200604-0535

Vulnerability from variot - Updated: 2025-04-03 22:41

Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. Dnsmasq is prone to a remote denial-of-service vulnerability.

TITLE: Dnsmasq DHCP Broadcast Reply Denial of Service

SECUNIA ADVISORY ID: SA19760

VERIFY ADVISORY: http://secunia.com/advisories/19760/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From local network

SOFTWARE: Dnsmasq 2.x http://secunia.com/product/4837/

DESCRIPTION: A vulnerability has been reported in Dnsmasq, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of certain requests from a DHCP client.

The vulnerability has been reported in version 2.29.

SOLUTION: Update to version 2.30. http://thekelleys.org.uk/dnsmasq/

PROVIDED AND/OR DISCOVERED BY: The vendor credits Sandra Dekkers.

ORIGINAL ADVISORY: http://thekelleys.org.uk/dnsmasq/CHANGELOG





{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0535",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dnsmasq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "dnsmasq",
        "version": "2.29"
      },
      {
        "model": "dnsmasq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dnsmasq",
        "version": "2.30"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sandra Dekkers is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-2017",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-2017",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-2017",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-459",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. Dnsmasq is prone to a remote denial-of-service vulnerability. \n\nTITLE:\nDnsmasq DHCP Broadcast Reply Denial of Service\n\nSECUNIA ADVISORY ID:\nSA19760\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19760/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nDnsmasq 2.x\nhttp://secunia.com/product/4837/\n\nDESCRIPTION:\nA vulnerability has been reported in Dnsmasq, which potentially can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error within the handling of\ncertain requests from a DHCP client. \n\nThe vulnerability has been reported in version 2.29. \n\nSOLUTION:\nUpdate to version 2.30. \nhttp://thekelleys.org.uk/dnsmasq/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Sandra Dekkers. \n\nORIGINAL ADVISORY:\nhttp://thekelleys.org.uk/dnsmasq/CHANGELOG\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      },
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "PACKETSTORM",
        "id": "45648"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17662",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "19760",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1494",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "24884",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "26005",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "45648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "PACKETSTORM",
        "id": "45648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "id": "VAR-200604-0535",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.25396827
  },
  "last_update_date": "2025-04-03T22:41:46.623000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://thekelleys.org.uk/dnsmasq/changelog"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/17662"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/19760"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/24884"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/1494"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26005"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26005"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1494"
      },
      {
        "trust": 0.3,
        "url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
      },
      {
        "trust": 0.3,
        "url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19760/"
      },
      {
        "trust": 0.1,
        "url": "http://thekelleys.org.uk/dnsmasq/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4837/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "PACKETSTORM",
        "id": "45648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "PACKETSTORM",
        "id": "45648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-24T00:00:00",
        "db": "BID",
        "id": "17662"
      },
      {
        "date": "2006-04-25T22:06:23",
        "db": "PACKETSTORM",
        "id": "45648"
      },
      {
        "date": "2006-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "date": "2006-04-25T12:50:00",
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-24T19:41:00",
        "db": "BID",
        "id": "17662"
      },
      {
        "date": "2006-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-2017"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DNSmasq Broadcast Reply Denial Of Service Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "17662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-459"
      }
    ],
    "trust": 0.6
  }
}

