Security researchers at Google have found seven security bugs in the Dnsmasq application that put an inestimable number of desktops, servers, smartphones, routers, and other IoT devices at risk of hacking.
The seven vulnerabilities are sneakily dangerous because they affect Dnsmasq, a tool that provides a simple DNS server, DNS forwarder, route advertisement, and DHCP capabilities for the devices it is embedded with.
Unknown to most users is that Dnsmasq is currently deployed with Linux and its various modified distributions used for IoT devices and SOHO routers, but also in Android-based devices.
Vulnerabilities allow attackers access to internal networks
Google researchers say the security flaws they discovered affect the Dnsmasq DNS and DHCP packages, which are usually open to remote connections.
Researchers say the flaws are highly critical because attackers can exploit them to mount attacks and gain access to internal networks, bypassing security applications. A recent report showed that many companies are unprepared to deal with DNS-based attacks.
Google privately reported the vulnerabilities to the Dnsmasq project. The flaws have been fixed in version 2.7.8 [1, 2], released yesterday. Google also patched the vulnerabilities in Android via the October 2017 Security Bulletin, released late last night.
Security researchers are now urging other projects and hardware vendors to embed the Dnsmasq fixes in patches for their projects as soon as possible.
PoC exploit code published online
Google published proof-of-concept code to demonstrate the flaws and help system administrators test their products and set up alternative mitigations until security updates for all products are available.
Unfortunately, attackers can easily weaponize these PoC exploits to attack vulnerable devices/networks.
Details about each vulnerability are available below:
Image credits: Creative Stall, Bleeping Computer