It has been reported that Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices. What is Dnsmasq, it is an open-sourced DNS forwarding software with DNS caching and DHCP server capabilities. It is used by a number of companies including Android/Google, Comcast, Cisco, Redhat, Netgear, Qualcomm, Linksys, Netgear, IBM, D-Link, Dell, Huawei, and Ubiquiti.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
January 20, 2021 12:19 pm

<p>These are interesting attacks and while each on their own is limited, when combined together they can pose a high risk to devices running over versions of Dnsmasq. </p> <p> </p> <p>Additionally, these attacks can be chained together if internal devices have already been compromised on the network.</p> <p> </p> <p>Therefore, it\’s important that organisations prioritise the patches for Dnsmasq where possible. The challenge however for many organisations will be where devices running Dnsmasq cannot be updated directly and so they will be reliant on each device manufacturer to independently provide an update. </p> <p> </p> <p>It highlights some of the ongoing challenges with patching that organisations face and why unpatched software remains a popular attack method for criminals.</p>

Last edited 1 year ago by Javvad Malik
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x