Software bugs in Dnsmasq
Google researchers discovered three software bugs in a widely used software package. The bugs allow hackers to execute malicious code on vulnerable devices, including those running Linux, FreeBSD, OpenBSD, NetBSD, and macOS, as well as proprietary firmware.
Dnsmasq provides code that makes it easier for networked devices to communicate using the Domain Name System and the Dynamic Host Configuration Protocol. It also runs on a variety of other operating systems and in router firmware.
Google security researchers said they recently found seven vulnerabilities in Dnsmasq, including three flaws that allow the remote execution of malicious code.
Address space layout randomization
One of the code-execution flaws, indexed as CVE-2017-14493, is a “trivial-to-exploit, DHCP-based, stack-based buffer overflow vulnerability.” Combined with a separate information leak bug, attackers can bypass a key protection known as address space layout randomization. This protection prevents malicious payloads included in exploits from executing.
With it in place, exploits result in a simple crash rather than a security-compromising hack. However, by chaining the code-execution and information leak exploits together, attackers can circumvent the defense to run any code of their choosing.
The Google researchers worked with the maintainer of Dnsmasq to patch the vulnerabilities in version 2.78, which is now available. The researchers also said that Android was affected by one of the less-severe bugs, and a fix is being distributed in the October Android security update that will be pushed out to a select number of devices.
There’s no mention of which upstream OSes that use Dnsmasq are affected by the more serious flaws, or whether patches are publicly available yet. The other six vulnerabilities are CVE-2017-14491, CVE-2017-14492, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704.
Google doesn’t mention actions or other protections for users of affected platforms. Attempts to reach independent security researchers for analysis weren’t immediately successful.
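Because the article names 2.78 as the release carrying the patches, comparing an installed version against it is a reasonable first triage step. The shell function below is an added example, not code from Google or the Dnsmasq project; it assumes the `Dnsmasq version X.Y` banner printed by `dnsmasq --version`, and its labels (`fixed`, `older`, `review`, `unknown`) are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the article or the Dnsmasq project).
# Assumption: the banner has the form "Dnsmasq version X.Y[suffix] ...".
FIXED_MAJOR=2    # the article names 2.78 as the release carrying the patches
FIXED_MINOR=78

# classify_dnsmasq_banner BANNER -> prints fixed | older | review | unknown
classify_dnsmasq_banner() {
    # Pull the token after "version", e.g. "2.76" or "2.78rc1".
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^[Dd]nsmasq version \([^ ]*\).*/\1/p' | head -n 1)
    case "$ver" in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=$(printf '%s' "$rest" | sed 's/^\([0-9]*\).*/\1/')
    suffix=${rest#"$minor"}    # anything after the digits, e.g. "rc1"
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }

    if   [ "$major" -gt "$FIXED_MAJOR" ]; then echo fixed
    elif [ "$major" -lt "$FIXED_MAJOR" ]; then echo older
    elif [ "$minor" -gt "$FIXED_MINOR" ]; then echo fixed
    elif [ "$minor" -lt "$FIXED_MINOR" ]; then echo older
    elif [ -z "$suffix" ]; then echo fixed
    else echo review    # a 2.78 pre-release or vendor build: confirm manually
    fi
}

# Constructed sample banners (not captured from real hosts).
for b in 'Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley' \
         'Dnsmasq version 2.78rc1' 'Dnsmasq version 2.78' 'not a banner'; do
    printf '%-8s %s\n' "$(classify_dnsmasq_banner "$b")" "$b"
done

# On a live host: classify the installed binary, if there is one.
if command -v dnsmasq >/dev/null 2>&1; then
    classify_dnsmasq_banner "$(dnsmasq --version 2>/dev/null)"
fi
```

A result of `older` means the upstream version predates 2.78; distribution packages that backport fixes keep the old version number, so confirm against the vendor's advisory before concluding a host is unpatched.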
More information: [Google]