Vulnerability in Dnsmasq [CVE-2015-3294]

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2015-012	CVE-2015-3294	05/05/2015	medium	v1

Vulnerability details

A vulnerability in Dnsmaq allows a remote attacker to craft a malicious DNS request in order to read sensitive information and cause a denial of service.

Impacted products

Products	Severity	Detail
Fast360	medium	Releases prior to 5.0.35 embed a vulnerable version of Dnsmasq

Revisions

Version	Date	Description
v1	08/18/2015	Initial release

Fast360

CVSS v2 Overall Score: 6

Analysis	Impacted version
A vulnerability in Dnsmaq allows a remote attacker to craft a malicious DNS request in order to read sensitive information and cause a denial of service. This vulnerabilty affects only versions prior to 5.0/35	Arkoon Fast360 5.0/1 to 5.0/34

Workaround solution

Solution

A patch is available in version 5.0/35. This version is available for download through our Early Access Release (EAR) program which can be accessed by registering to the community via https://open.arkoon.net/ear-acceder-a-nos-prochaines-version-en-avant-premiere

The 5.0/35 version will be made publicly available through our main update servers on 29 Sepetember 2015.

5.0/35 update fixes this vulnerability. You are strongly advised to update your appliances.

Access vector	Access complexity	Authentication	Confidentiality impact	Integrity impact	Availability impact
Network	Medium	None	Partial	None	Partial

CVSS Base score: 5.8	CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P)

Exploitability	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 4.3	CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential	Target Distribution
Low-Medium	High [76-100%]

CVSS Environmental score: 6	CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)