"Flaws in Widely Used Dnsmasq Software Leave Millions of Linux-Based Devices Exposed"
Security experts from the Internet of Things (IoT) security firm JSOF have released details about a set of seven vulnerabilities collectively called DNSpooq that impact Dnsmasq, a DNS transfer client used for many Linux-based systems such as routers and other IoT devices. Dnsmasq is usually contained by the firmware of various networking devices, including home business routers and different types of embedded and IoT systems such as firewalls, Voice over Internet Protocol (VoIP) phones, and vehicle Wi-Fi systems. The exploitation of these flaws enables the launch of DNS cache poisoning attacks in which attackers send queries to a vulnerable Dnsmasq-based forwarder to force the server to cache rogue or poisoned DNS entries. These attacks result in the redirection of users to malicious sites. The seven DNSpooq vulnerabilities also include buffer overflows that can lead to remote code execution. JSOF identified more than 40 affected vendors, including Google, Cisco Systems, Dell, Netgear, OpenStack, Linksys, and General Electric. This article continues to discuss the attacks that could be performed by exploiting the Dnsmasq vulnerabilities and the mitigation of these flaws.