Bug#1000159: dnsproxy listen unnecessary UDP port

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1000159: dnsproxy listen unnecessary UDP port
From: Marcos Talau <marcos@talau.info>
Date: Thu, 18 Nov 2021 16:28:13 -0300
Message-id: <[🔎] YZapTRzRRpJ5XHIf@talau.info>
Reply-to: Marcos Talau <marcos@talau.info>, 1000159@bugs.debian.org

Package: dnsproxy
Version: 1.16-0.1
Severity: important
X-Debbugs-Cc: marcos@talau.info
Control: forwarded -1 https://github.com/awaw/dnsproxy/issues/1

Hi there,

When dnsproxy starts it unnecessary listens to a random UDP port on all
interfaces. This opened port is not required to dnsproxy do their job.
If someone connects on that port it's possible to send unwanted DNS
answers to dnsproxy, these answers can be forwarded to the client, but
an attacker needs to know the DNS ID used by the client and the DNS ID
used by dnsproxy.


Regards,
mt

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Processed: dnsproxy listen unnecessary UDP port
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1000159: dnsproxy listen unnecessary UDP port
  - From: Marcos Talau <marcos@talau.info>
- Processed: Re: dnsproxy listen unnecessary UDP port
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1000159: marked as done (dnsproxy listen unnecessary UDP port)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: pinpoint_0.1.8-5_source.changes ACCEPTED into unstable
Next by Date: Processed: dnsproxy listen unnecessary UDP port
Previous by thread: pinpoint_0.1.8-5_source.changes ACCEPTED into unstable
Next by thread: Processed: dnsproxy listen unnecessary UDP port
Index(es):
- Date
- Thread