A flaw was found in the default configuration of dnsmasq, as shipped with
Fedora and Red Hat Enterprise Linux, where it listens on any interface and
accepts queries from addresses outside of its local subnet. In particular,
the option `local-service` is not enabled. Running dnsmasq in this manner
may inadvertently make it an open resolver accessible from any address on
the internet. This flaw allows an attacker to conduct a Distributed Denial
of Service (DDoS) against other systems.
Upstream:released (2.69-1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.75-1ubuntu0.16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.79-1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
More Information

Updated: 2020-07-28 20:08:15 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)