Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attacks and/or to compromise vulnerable devices.
"Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it is used a lot, Red Hat use it as part of their virtualization platforms, Google uses it for Android hotspots, while, for example Ubuntu just has it as an optional package," Shlomi Oberman, CEO and researcher at JSOF, told Help Net Security.
DNS cache poisoning is also possible if a Dnsmasq server is configured to listen only to connections received from within an internal network, but that network is open.
The four buffer overflow bugs are present and can only be exploited if Dnsmasq is configured to use DNSSEC. "The vulnerabilities can be triggered by sending a crafted response packet to an open request. This can be combined with the cache poisoning attack to potentially mount a remote code execution attack over the device running Dnsmasq," the researchers explained.
Devices that do not use Dnsmasq's caching feature will be much less affected by cache poisoning attacks, Oberman told Help Net Security.
"DNSSEC is a security feature meant to prevent cache poisoning attacks and so we would not recommend turning it off, but rather updating to the newest version of Dnsmasq," he added.
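The configuration factors named above (DNSSEC in use, caching enabled, where Dnsmasq listens) can be read from a device's dnsmasq.conf. The following is an added example, not code from the article or from JSOF: the function names and the sample configuration are constructed for illustration, while `dnssec`, `cache-size`, `interface` and `listen-address` are standard Dnsmasq options.

```python
import re

DEFAULT_CACHE_SIZE = 150  # Dnsmasq's default when cache-size is not set

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONF = """\
# LAN resolver
interface=br-lan      # internal bridge only
dnssec
cache-size=1000
"""

def parse_conf(text):
    """Map each option name to the list of values given for it."""
    opts = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()  # drop comments
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Report the exposure factors the article ties to these bugs."""
    opts = parse_conf(text)
    sizes = [int(v) for v in opts.get("cache-size", []) if v.isdigit()]
    # Conservative assumption: if cache-size is repeated, the largest applies.
    cache_size = max(sizes) if sizes else DEFAULT_CACHE_SIZE
    listen = opts.get("interface", []) + opts.get("listen-address", [])
    report = {
        "dnssec": "dnssec" in opts,   # overflow bugs need DNSSEC in use
        "caching": cache_size > 0,    # cache-size=0 disables the cache
        "cache_size": cache_size,
        "listen": listen,             # empty: no interface restriction
        "notes": [],
    }
    if report["dnssec"]:
        report["notes"].append("DNSSEC on: overflow bugs reachable; update, do not disable DNSSEC")
    if report["caching"]:
        report["notes"].append("cache enabled: cache poisoning applies")
    if listen:
        report["notes"].append("internal-only listener is still exposed if that network is open")
    else:
        report["notes"].append("no interface/listen-address set: not restricted to an interface")
    return report

if __name__ == "__main__":
    for note in audit(SAMPLE_CONF)["notes"]:
        print("-", note)
```

The check reads a single file; it does not follow `conf-file` or `conf-dir` includes or account for options passed on the command line.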
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xQdQLUF6_DI/