Summary
Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. By exploiting this flaw, a remote attacker could cause a server to accept the rest of the setup, or also network traffic.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 0.6.0~rc1-12+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 0.6.0~rc1-19.
For the unstable distribution (sid), this problem has been fixed in version 0.6.0~rc1-19.
We recommend that you upgrade your iodine packages.
Insight
iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where internet access is firewalled but DNS queries are allowed.
Affected
iodine on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-4168
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N