
Google Finds Seven Security Flaws in Widely Used Dnsmasq Network Software

Security researchers have discovered not one or two, but a total of 7 security vulnerabilities in the popular open source Dnsmasq network services software, 3 of which could allow remote code execution on a vulnerable system and hijack it.

Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router advertisements and network boot services for small networks.

Dnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A Shodan scan for "Dnsmasq" reveals around 1.1 million instances worldwide.

Recently, Google's security team reviewed Dnsmasq and discovered 7 security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP.

"We discovered 7 distinct issues (listed below) over the course of our regular internal security assessments," Google's security team wrote in a blog post published on Monday.

"Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue."

Since the vulnerabilities have now been patched by Dnsmasq developer and maintainer Simon Kelley, Google researchers have released details and proof-of-concept (PoC) exploit code for each of the vulnerabilities.

Out of the 7 vulnerabilities discovered by the team, 3 can be exploited to perform remote code execution, 3 can be used in denial-of-service attacks, and one is an information leakage flaw.

Here's the List of All Vulnerabilities:



  • CVE-2017-14491—A DNS-based remote code execution vulnerability in Dnsmasq versions before 2.76 is marked as the most severe; it allows for unrestricted heap overflows, affecting both directly exposed and internal network setups.
  • CVE-2017-14492—Another remote code execution vulnerability due to a DHCP-based heap overflow issue.
  • CVE-2017-14493—Another noteworthy DHCP-based remote code execution bug caused by a stack buffer overflow. According to Google, this flaw is trivial to exploit if it's used in conjunction with the flaw (CVE-2017-14494) mentioned below.
  • CVE-2017-14494—An information leak in DHCP which can be combined with CVE-2017-14493 to allow attackers to bypass the ASLR security mechanism and execute arbitrary code on a target system.
  • CVE-2017-14495—A flaw in Dnsmasq which can be exploited to launch a denial of service (DoS) attack by exhausting memory via DNS. The flaw impacts dnsmasq only if one of these options is used: --add-mac, --add-cpe-id or --add-subnet.
  • CVE-2017-14496—Google's Android operating system is specifically affected by this DoS issue, which can be exploited by a local hacker or one who is tethered directly to the device. However, Google pointed out the service itself is sandboxed, so the risk to Android users is reduced.
  • CVE-2017-14497—Another DoS issue wherein a large DNS query can crash the software.


Since all the issues have already been addressed with the release of Dnsmasq 2.78, Dnsmasq users are advised to update their installations as soon as possible.
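
The check below is an added example, not code from Google or the Dnsmasq project: it reads the `dnsmasq --version` banner to see whether a build predates 2.78 and looks for the three options that expose CVE-2017-14495. The function names and the sample banner and configuration are constructed for illustration.

```python
import re

FIXED = (2, 78)  # release the article names as containing all seven fixes
# Options the article ties to CVE-2017-14495 (config files drop the leading "--").
RISKY_OPTS = ("add-mac", "add-cpe-id", "add-subnet")

def parse_version(banner):
    """Extract (major, minor) from `dnsmasq --version` output, or None."""
    m = re.search(r"Dnsmasq version (\d+)\.(\d+)", banner, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def risky_options(config_text="", cmdline=""):
    """Return the CVE-2017-14495 trigger options set in a config or command line."""
    found = set()
    for line in config_text.splitlines():
        # Drop comments, then take the key before any "=value" part.
        key = line.split("#", 1)[0].strip().split("=", 1)[0].strip()
        if key in RISKY_OPTS:
            found.add(key)
    for arg in cmdline.split():
        key = arg.split("=", 1)[0]
        if key.startswith("--") and key[2:] in RISKY_OPTS:
            found.add(key[2:])
    return sorted(found)

def audit(banner, config_text="", cmdline=""):
    """Report whether the build predates 2.78 and whether the DoS precondition is met."""
    version = parse_version(banner)
    if version is None:
        return {"version": None, "needs_update": None, "cve_2017_14495_options": []}
    outdated = version < FIXED
    opts = risky_options(config_text, cmdline) if outdated else []
    return {"version": version, "needs_update": outdated,
            "cve_2017_14495_options": opts}

# Constructed sample input (not taken from a real host).
SAMPLE_BANNER = "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"
SAMPLE_CONF = "# constructed\ninterface=eth0\nadd-subnet=24\n#add-mac\n"

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_CONF, "dnsmasq --add-cpe-id=lab -k"))
```

Distribution packages can carry backported fixes under an older upstream version number, so confirm a flagged host against the vendor's advisory before treating it as vulnerable.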

To patch your devices, make sure to upgrade packages on your system. Google has updated its affected services and released the security fixes to Android partners on 5 September 2017 in October's Android security updates.

Other affected Google services are also claimed to be updated. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have also been updated with a patched Dnsmasq.