Quote:Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers.
 
The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks (also known as DNS spoofing). If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.
 
Researchers have labeled the set of vulnerabilities “DNSpooq,” a combination of DNS spoofing, the concept of “a spook spying on internet traffic,” and the “q” at the end of dnsmasq.
 
“DNSpooq is a series of vulnerabilities found in the ubiquitous open-source software dnsmasq, demonstrating that DNS is still insecure, 13 years after the last major attack was described,” said researchers with the JSOF research lab, in a recent analysis.
 
Dnsmasq is installed on many home and commercial routers and servers in many organizations. The software’s storing of responses to previously asked DNS queries locally speeds up the DNS resolution process; however it has many other uses as well, including providing DNS services to support Wi-Fi hot-spots, enterprise guest networks, virtualization and ad blocking.
 
Researchers have identified at least 40 vendors who utilize dnsmasq in their products, including Cisco routers, Android phones, Aruba devices, Technicolor and Red Hat, as well as Siemens, Ubiquiti networks, Comcast and many others. In all, “millions” of devices are affected, they said.