DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws consist of buffer overflow issues that can be exploited together to allow an unauthenticated actor to carry out remote code execution.
Researchers have deemed the set of flaws “DNSpooq,” to resemble DNS spoofing, the concept of spying on internet traffic. Researchers at the JSOF lab released a recent analysis of the vulnerabilities, stating that the flaws demonstrate that DNS is still insecure. Dnsmasq is installed on many home routers and in many organizations. Researchers have identified at least 40 vendors who use dnsmasq in their products, including Cisco routers, Andriod phones, Aruba devices, Comcast, and Ubiquiti networks.