Dnsmasq

Security researchers at Google have found seven vulnerabilities in Dnsmasq that put an inestimable number of desktops, servers, smartphones, routers, and other IoT devices at risk of compromise.

The seven vulnerabilities are particularly dangerous because they affect Dnsmasq, a tool that provides a simple DNS server, DNS forwarder, router advertisement, and DHCP capabilities for the devices it is embedded in.

Most users are unaware that Dnsmasq ships with Linux and the various modified distributions used in IoT devices and SOHO routers, as well as in Android-based devices.

Vulnerabilities allow attackers access to internal networks

Google researchers say the security flaws they discovered affect the Dnsmasq DNS and DHCP packages, which are usually open to remote connections.

Researchers say the flaws are highly critical because attackers can exploit them to gain access to internal networks, bypassing security products. A recent report showed that many companies are unprepared to deal with DNS-based attacks.

Google privately reported the vulnerabilities to the Dnsmasq project. The flaws have been fixed in version 2.7.8 [1, 2], released yesterday. Google also patched the vulnerabilities in Android via the October 2017 Security Bulletin, released late last night.

Security researchers are now urging other projects and hardware vendors to embed the Dnsmasq fixes in patches for their projects as soon as possible.

PoC exploit code published online

Google published proof-of-concept code to demonstrate the flaws and help system administrators test their products and set up alternative mitigations until security updates for all products are available.

Unfortunately, attackers can easily weaponize these PoC exploits to attack vulnerable devices/networks.

Details about each vulnerability are available below:

| CVE | Impact | Vector | Notes | PoC |
|---|---|---|---|---|
| CVE-2017-14491 | RCE | DNS | Heap-based overflow (2 bytes). Before 2.76 and this commit, the overflow was unrestricted. | |
| CVE-2017-14492 | RCE | DHCP | Heap-based overflow. | |
| CVE-2017-14493 | RCE | DHCP | Stack-based overflow. | |
| CVE-2017-14494 | Information leak | DHCP | Can help bypass ASLR. | |
| CVE-2017-14495 | OOM/DoS | DNS | Lack of free() here. | |
| CVE-2017-14496 | DoS | DNS | Invalid boundary checks here. Integer underflow leading to a huge memcpy. | |
| CVE-2017-13704 | DoS | DNS | Bug collision with CVE-2017-13704 | |
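As an added illustration of the bug class named in the CVE-2017-14496 row (constructed for this page, not dnsmasq's own code), here is a parser for a DNS-style option block that performs the offset and length checks which prevent a size_t underflow and the resulting oversized memcpy; the packet layout, OPT_MAX and parse_options are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: options are encoded as repeated
 * [2-byte code][2-byte length][length bytes of data]. */
#define OPT_MAX 64

/* Copies option data into out and returns the number of options parsed,
 * or -1 if the block is malformed. pkt_len is the real buffer size and
 * opt_off is the offset where the option block starts. */
int parse_options(const uint8_t *pkt, size_t pkt_len, size_t opt_off,
                  uint8_t out[OPT_MAX])
{
    /* The classic mistake is computing `pkt_len - opt_off` before confirming
     * opt_off <= pkt_len: with size_t the subtraction wraps to a huge value,
     * every later length check passes, and memcpy reads far past the packet.
     * Validate the offset first, then derive the remaining byte count. */
    if (opt_off > pkt_len)
        return -1;
    size_t remaining = pkt_len - opt_off;
    const uint8_t *p = pkt + opt_off;
    size_t used = 0;
    int count = 0;

    while (remaining > 0) {
        if (remaining < 4)                 /* option header must fit */
            return -1;
        uint16_t len = (uint16_t)((p[2] << 8) | p[3]);
        p += 4;
        remaining -= 4;
        if (len > remaining)               /* data must fit in the packet */
            return -1;
        if (len > OPT_MAX - used)          /* and in the destination buffer */
            return -1;
        memcpy(out + used, p, len);        /* copy is now bounded both ways */
        used += len;
        p += len;
        remaining -= len;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed packet: 2 bytes of header, then two options. */
    const uint8_t pkt[] = {0xAA, 0xBB, 0x00, 0x0A, 0x00, 0x02, 'A', 'B',
                           0x00, 0x0B, 0x00, 0x00};
    uint8_t out[OPT_MAX];
    printf("options: %d\n", parse_options(pkt, sizeof pkt, 2, out));
    printf("bad offset: %d\n", parse_options(pkt, sizeof pkt, 13, out));
    return 0;
}
```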

Image credits: Creative Stall, Bleeping Computer