DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks

Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.


The vulnerabilities, collectively tracked as DNSpooq, impact Dnsmasq, a widely used piece of open source software designed to provide DNS, DHCP, router advertisement and network boot capabilities for small networks. Its DNS subsystem “provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types.”


The software is mainly written and maintained by Simon Kelley, who has informed users about the availability of patches. The vulnerability disclosure process began in August 2020, and several impacted vendors told customers that they are working on addressing the issues.


There are two types of DNSpooq vulnerabilities: buffer overflow bugs that can lead to remote code execution and DoS attacks (tracked as CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687); and DNS response validation issues that can be exploited for DNS cache poisoning (tracked as CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686).


The buffer overflow bugs, JSOF said, pose a limited risk on their own, but they can be highly useful if combined with the flaws that allow cache poisoning.


Launching a DNS cache poisoning attack against a device can allow an attacker to redirect users to arbitrary websites, and intercept traffic associated with email, SSH, remote desktop, communications and other types of systems. An attacker could also take complete control of a targeted device using the DNSpooq vulnerabilities.


“Combining the vulnerabilities found by JSOF w ..
