A group of vulnerabilities in the popular DNSMasq software used for domain name system (DNS) caching and IP address assignment could allow an attacker to reroute network traffic or use nearly 1 million open forwarders on the Internet for denial-of-service (DoS) attacks.
The vulnerabilities — found by Israeli security services firm JSOF and confirmed by large technology firms including Google and Red Hat — include three vulnerabilities that allow DNS cache poisoning and four buffer-overflow vulnerabilities. Dubbed DNSpooq, the vulnerabilities could redirect people using the vulnerable DNS forwarding service, referred to as DNS cache poisoning, or be used to take over the device, JSOF stated in an advisory.
While a DoS attack or device takeover could happen, DNS cache poisoning could also be used for fraud, says Shlomi Oberman, CEO at JSOF.
"If you browse to one website, but you are actually directed to another website — there could be all kinds of fraud," he says. "The worse-case scenario is cache poisoning and a remote execution attack."
A collection of software and device makers have tackled the issues in a working group for months. The vulnerabilities affect software and network appliances from at least 16 vendors, including Cisco, Digi International, Netgear, Red Hat, and Siemens. DNSMasq, which was authored by network expert Simon Kelley, patched the issues about four weeks ago but released the update — version 2.83 — on Sunday, according to the project's log files.
The cache ..
Support the originator by clicking the read the rest link below.
