Home News DNSMasq Critically Vulnerable to DNS Cache Poisoning Attacks

DNSMasq Critically Vulnerable to DNS Cache Poisoning Attacks

JSOF’s security experts discovered seven buffer overflow and DNS cache poisoning vulnerabilities in DNSMasq, which can be exploited to launch extremely effective multi-staged attacks.

DNS attack

Cybersecurity experts from security firm JSOF uncovered seven critical vulnerabilities in popular open-source Domain Name System (DNS) forwarding software DNSMasq, which is deployed in networking units to cache and forward Domain Identify Method requests. Dubbed as DNSpooq, the vulnerabilities include four Buffer Overflow Flaws (CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, and CVE-2020-25681) and three DNS Cache Poisoning vulnerabilities (CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685).

Various popular brands like Cisco, Android, Aruba, Technicolor, Red-Hat, Siemens, Ubiquiti Networks, and Comcast use DNSMasq in their products and services.  JSOF’s researchers stated that the devices that are using DNSMasq could be affected or unaffected based on how they are using the software.

“One of the interesting things about these vulnerabilities is that each one of them, on its own, has limited impact. However, the vulnerabilities could be combined and chained in certain ways to build extremely effective multi-staged attacks. This is because exploiting some of the vulnerabilities makes it easier to exploit others,” JSOF said.

What’s the impact?

The Buffer Overflow vulnerabilities include high severity risks that could potentially lead to remote code execution when configured to DNSMasq. These vulnerabilities could pose critical risks when attackers combine these with the cache-poisoning vulnerabilities to launch more effective cyberattacks.

DNS Cache Poisoning flaws can potentially result in various kinds of frauds. Scammers could exploit these vulnerabilities to route unwitting victims from a legitimate browser to a malicious one. Fraudsters can manipulate the Internet traffic, including regular Internet browsing, emails, SSH, remote desktop, RDP video and voice calls, and software updates.

“For the Buffer Overflows and Remote Code execution, devices that don’t use the DNSSEC feature will be immune. DNSSEC is a security feature meant to prevent cache poisoning attacks and so we would not recommend turning it off, but rather updating to the newest version of DNSMasq,” JSOF added.