Flaws in widely used dnsmasq software leave hundreds of thousands of Linux-based devices exposed

Security researchers have found several serious vulnerabilities in dnsmasq, a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services. Attackers can exploit the flaws to redirect users to rogue websites when they try to access legitimate ones, or to execute malicious code on vulnerable devices.

Dnsmasq is a lightweight tool that provides DNS caching, DNS forwarding and DHCP (Dynamic Host Configuration Protocol) services. The utility has been around for about 20 years and is part of the standard set of tools in many Linux distributions, including Android. As a utility that provides network services, dnsmasq is widely used in networking devices such as home office routers, but it is also present in many other kinds of embedded and IoT systems, including firewalls, VoIP phones and in-car WiFi systems.

The main use of dnsmasq is to handle DNS queries, either for the device it is running on or, in the case of routers, for other devices on the network. The program forwards the queries to other DNS servers on the internet or serves the responses from a local cache to speed up the process. It is this caching feature that researchers from Israeli IoT security firm JSOF found ways to exploit.

DNS cache poisoning

JSOF found a total of seven vulnerabilities in dnsmasq that they collectively dubbed DNSpooq. Some of these flaws enable so-called DNS cache poisoning attacks, where attackers who can send queries to a vulnerable dnsmasq-based forwarder can force the server to cache rogue or "poisoned" DNS entries for specific domain names. In practice, this means that when a device or computer that uses the forwarder tries to access a specific domain name, it will receive a malicious response from the cache that directs it to a server under the attackers' control instead of the real one.
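A caching forwarder only stays safe if it refuses to cache any response that does not exactly match a query it actually sent. The following toy forwarder cache is an added illustration written for this article; it is not dnsmasq code and does not reproduce the DNSpooq bugs. It shows the checks a forwarder applies before accepting a reply (an outstanding query for that name and type, expected upstream address, matching destination port and transaction ID, and records that answer the question asked) and how a reply that fails any of them is logged and dropped rather than cached. All names, addresses and the `Query`/`Response`/`ForwarderCache` types are constructed for the example.

```python
"""Toy DNS forwarder cache that validates a response before caching it.

Constructed illustration (not dnsmasq code). Addresses come from the
RFC 5737 documentation ranges and carry no meaning beyond the example.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int       # 16-bit DNS transaction ID chosen for this query
    src_port: int   # ephemeral UDP source port the query was sent from
    qname: str
    qtype: str
    upstream: str   # resolver address the query was forwarded to


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int   # UDP port the reply arrived on
    src_addr: str   # address the reply claims to come from
    qname: str
    qtype: str
    answers: tuple  # tuple of (name, type, rdata)


def answers_question(name: str, qname: str) -> bool:
    """Simplified scope rule: only cache records for the name that was asked."""
    return name.lower().rstrip(".") == qname.lower().rstrip(".")


class ForwarderCache:
    def __init__(self):
        self.pending = {}   # (qname, qtype) -> Query still waiting for a reply
        self.cache = {}     # (name, type) -> rdata accepted into the cache
        self.rejected = []  # reasons for dropped replies, for logging/alerting

    def send_query(self, qname: str, qtype: str, upstream: str) -> Query:
        key = (qname.lower(), qtype)
        if key in self.pending:
            # Coalesce duplicates: one outstanding query per name/type keeps
            # the number of replies that could possibly match to a minimum.
            return self.pending[key]
        q = Query(txid=secrets.randbelow(1 << 16),
                  src_port=secrets.choice(range(1024, 65536)),
                  qname=qname.lower(), qtype=qtype, upstream=upstream)
        self.pending[key] = q
        return q

    def receive_response(self, r: Response) -> bool:
        key = (r.qname.lower(), r.qtype)
        q = self.pending.get(key)
        if q is None:
            return self._reject("no outstanding query for this name/type")
        if r.src_addr != q.upstream:
            return self._reject("reply from unexpected resolver address")
        if r.dst_port != q.src_port:
            return self._reject("destination port does not match query source port")
        if r.txid != q.txid:
            return self._reject("transaction ID mismatch")
        for name, _rtype, _rdata in r.answers:
            if not answers_question(name, q.qname):
                return self._reject(f"record for {name} does not answer the query")
        # Every check passed: cache the records and retire the pending query.
        for name, rtype, rdata in r.answers:
            self.cache[(name.lower(), rtype)] = rdata
        del self.pending[key]
        return True

    def _reject(self, reason: str) -> bool:
        self.rejected.append(reason)
        return False


def demo():
    """Run one query through the cache with a mismatched and a matching reply."""
    fwd = ForwarderCache()
    q = fwd.send_query("example.com", "A", "192.0.2.53")
    # Reply whose transaction ID does not match the outstanding query: dropped.
    mismatched = Response(txid=(q.txid + 1) & 0xFFFF, dst_port=q.src_port,
                          src_addr="192.0.2.53", qname="example.com", qtype="A",
                          answers=(("example.com", "A", "198.51.100.66"),))
    mismatched_ok = fwd.receive_response(mismatched)
    # Reply that matches every field of the outstanding query: cached.
    genuine = Response(txid=q.txid, dst_port=q.src_port, src_addr="192.0.2.53",
                       qname="example.com", qtype="A",
                       answers=(("example.com", "A", "203.0.113.10"),))
    genuine_ok = fwd.receive_response(genuine)
    return mismatched_ok, genuine_ok, fwd.cache.get(("example.com", "A")), fwd.rejected


if __name__ == "__main__":
    print(demo())
```

The `rejected` list is the part a defender should care about: a forwarder that drops replies silently gives no signal, whereas a burst of port or transaction ID mismatches for the same name is exactly the pattern worth alerting on.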

DNS cache poisoning came into focus in 2008 when security researcher Dan Kaminsky revealed a vulnerability that affected the most popular DNS server software. His disclosure triggered what was then described as the world's largest coordinated vulnerability patching effort and sped up the adoption of DNSSEC, a set of security extensions to the DNS protocol that added cryptographic signing and verification of DNS records. The attack technique did not die off. Just last year, researchers from the University of California, Riverside and Tsinghua University revealed a new attack technique dubbed SAD DNS that can lead to DNS cache poisoning.

DNS hijacking, the larger family of attacks that DNS cache poisoning belongs to, has been used over the years by a variety of malware programs and attacker groups to direct users to fake banking websites. Technically, websites that use HTTPS with HTTP Strict Transport Security (HSTS) should be protected, because while attackers can direct users to a different web server through DNS hijacking, they should not be able to also spoof the website's digital certificate, so the redirection should result in a certificate error in the browser.

Copyright © 2021 IDG Communications, Inc.