DNSmasq Vulnerability Allows DNS Hijacking of Millions of Devices

Author: Melodie Foster

Date: 20th January 2021

Seven vulnerabilities have been disclosed that impact a popular DNS software package which is commonly used in networking equipment such as access points.

The vulnerabilities found in Dnsmasq, which is a DNS forwarding client for *NIX-based operating systems, are being tracked as DNSpooq and are affecting various devices ranging from Cisco devices and Android smartphones to access points and VPN’s.

These DNSpooq vulnerabilities are dangerous because they can be combined to poison DNS cache entries. This is an issue as it allows for attackers to be able to redirect users to clones of legitimate websites. For example, if a hacker can exploit a DNSpooq attack to poison DNS cache entries for outlook.com on a company’s router, they can direct all the company’s employees to an Outlook phishing site while the browser will show the legitimate outlook.com address in their browser. This can then be used to collect the employee’s login credentials.

Of the seven vulnerabilities that have recently been discovered, three allow for DNS cache poisoning and four are buffer overflows that could lead to remote code execution.

Oberman, CEO of JSOF, whose teams disclosed the vulnerabilities, said that it would be fairly simple to exploit these vulnerabilities but, “the main challenge for someone exploiting these vulnerabilities on a large scale is that they are quite noisy so they will probably be noticed by ISPs and other companies with wide visibility to internet traffic.”

Dnsmasq versions before 2.83 are susceptible to DNSpooq and so users are being advised to upgrade to version 2.83[1].

[1] https://www.zdnet.com/article/dnspooq-lets-attackers-poison-dns-cache-records/

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

DNSmasq Vulnerability Allows DNS Hijacking of Millions of Devices

Author: Melodie Foster

Date: 20th January 2021

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta