Dnsmasq Holes Filled

Tuesday, October 3, 2017 @ 01:10 PM gHale


Companies are issuing advisories to warn users about serious vulnerabilities in the Dnsmasq network services software, according to a report from US-CERT.

The vulnerabilities have been patched, but advisories released to inform users of the problem.

RELATED STORIES
Windows Defender Bypass
Trend Micro Clears Mobile Security Holes
Bluetooth Devices Susceptible to Attack
ICSJWG: Change in Security Approach Needed

Dnsmasq is a tool designed to provide DNS, DHCP, router advertisement and network boot services for small networks. The tool is used by organizations, including in Linux distributions, networking devices, smartphones, cybersecurity appliances, and Internet of Things (IoT) devices.

Members of Google’s security team discovered recently that Dnsmasq suffers from seven serious vulnerabilities.

The remotely exploitable vulnerabilities can end up leveraged via DNS or DHCP for remote code execution (CVE-2017-14491, CVE-2017-14492 and CVE-2017-14493), information leaks (CVE-2017-14494), and denial-of-service (DoS) attacks (CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704).

The most critical vulnerability is CVE-2017-14491, a DNS-based remote code execution issue that affects both directly exposed and internal networks.

Simon Kelley, the creator and maintainer of Dnsmasq, released version 2.78 to address the vulnerabilities.

“I’ve just released dnsmasq-2.78, which addresses a series of serious security vulnerabilities which have been found in dnsmasq by the Google security team,” Kelley said in a post. “Some of these, including the most serious, have been in dnsmasq since prehistoric times, and have remained undetected through multiple previous security audits.”

This month’s Android security updates also address the issues.

Some of the companies whose products use Dnsmasq have started releasing advisories to inform customers about the flaws and the availability of patches and mitigations. Kelley said some organizations received the information in advance, before the existence of the security holes was made public.

The CERT Coordination Center at Carnegie Mellon University has published a list of 99 vendors that could be affected by the Dnsmasq vulnerabilities.



Leave a Reply

You must be logged in to post a comment.