Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws

Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws

Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices.


The flaws, collectively dubbed DNSpooq, were revealed on Tuesday by Israel-based security firm JSOF at the conclusion of a five-month coordinated disclosure period. The bugs are believed to affect products from more than 40 IT vendors, including Cisco, Comcast, Google, Netgear, Red Hat, and Ubiquiti, and major Linux distributions.

JSOF researchers identified three cache poisoning bugs (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) and four buffer overflow bugs (CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681).


Dnsmasq 2.83, maintained by open source software developer Simon Kelley, has been released to address the issues, which recall the DNS cache poisoning vulnerability identified in 2008 by security researcher Dan Kaminsky.

That 2008 bug allowed an attacker to inject data into a recursive nameserver’s cache, in order to send web users to a malicious website via bogus DNS responses. And DNSpooq is similar: it allows fake DNS records to be added to the dnsmasq cache, potentially for long periods of time, among other plausible ills. That means victims could end up connecting to what they think is a legit website or service, but in fact they're connecting to a malicious machine masquerading as the other site, which could harvest credentials and other sensitive information. There are defenses for these kinds of DNS spoofing attacks, such as using HTTPS and SSH.


"There are broadly two sets of pr ..