Example config file fix for CERT Vulnerability VU#598349.

2025-12-19 02:08:24 +00:00 · 2018-09-26 18:03:10 +01:00
parent 3a610a007f
commit 7cbf497da4
2 changed files with 9 additions and 0 deletions
--- a/4
+++ b/4
@@ -64,6 +64,10 @@ version 2.80
 	now always forward, and never answer from the cache. This
 	allows "dig +trace" command to work. 
 	
+	Include in the example config file a formulation which
+	stops DHCP clients from claiming the DNS name "wpad".
+	This is a fix for the CERT Vulnerability VU#598349.
+
 	
 version 2.79
 	Fix parsing of CNAME arguments, which are confused by extra spaces.
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -672,3 +672,8 @@

 # Include all files in a directory which end in .conf
 #conf-dir=/etc/dnsmasq.d/,*.conf
+
+# If a DHCP client claims that its name is "wpad", ignore that.
+# This fixes a security hole. see CERT Vulnerability VU#598349
+#dhcp-name-match=set:wpad-ignore,wpad
+#dhcp-ignore-names=tag:wpad-ignore