Security News > 2021 > January > Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws

Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices.

Dnsmasq 2.83, maintained by open source software developer Simon Kelley, has been released to address the issues, which recall the DNS cache poisoning vulnerability identified in 2008 by security researcher Dan Kaminsky.

There are defenses for these kinds of DNS spoofing attacks, such as using HTTPS and SSH. "There are broadly two sets of problems," wrote Kelly in an email sent to the dnsmasq mailing list.

The high-severity buffer overflow could enable remote code execution when dnsmasq has been configured to use DNSSEC, and the lower-severity overflows could be used for denial of service when DNSSEC is in place.

According to JSOF, there are around one million dnsmasq servers visible on the public internet, and in addition to the risk of cache poisoning, at least one of the vulnerabilities could be used for remote code execution to hijack home routers and other networking gear.

The bugs could also be used to create wormable and DDoS attacks.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/20/dns_cache_poisoning/