DNSpooq - Dnsmasq vulnerabilities open networking devices & Linux distros to DNS cache poisoning
- CVE-2020-25681: Buffer Overflow
- CVE-2020-25682: Buffer Overflow
- CVE-2020-25683: Buffer Overflow
- CVE-2020-25684: TXID-Port Decoupling
- CVE-2020-25685: Weak frec Identification
- CVE-2020-25686: Multiple outstanding requests for the same name
- CVE-2020-25687: Buffer Overflow
Sources
Official researchers: https://www.jsof-tech.com/disclosures/dnspooq/
Technical whitepaper: https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
Risks
Successful exploitation of these seven vulnerabilities in the dnsmasq could result in cache poisoning, remote code execution, and a denial-of-service condition. All clients connecting to the Internet using infrastructure where a vulnerable version of dnsmasq is implemented, could be unknowingly browsing to malicious websites.
Description
Recommended Actions
- CERT.be recommends users update to the latest version (2.83 or above).
- CERT.be recommends to implement Layer 2 security features such as DHCP snooping and IP source guard.
- CERT.be recommends to use DNS-over-HTTPS or DNS-over-TLS to connect to upstream server
- CERT.be recommends temporarily disable DNSSEC validation option until you patch
Download the latest updates via: http://www.thekelleys.org.uk/dnsmasq/?C=M;O=D