Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Google Finds Flaws in Dnsmasq Network Services Tool

Google employees have identified a total of seven vulnerabilities, including ones that allow remote code execution, in the Dnsmasq network services software.

Google employees have identified a total of seven vulnerabilities, including ones that allow remote code execution, in the Dnsmasq network services software.

Written and maintained by Simon Kelley, Dnsmasq is a lightweight tool designed to provide DNS, DHCP, router advertisement and network boot services for small networks. Dnsmasq is used by Linux distributions, routers, smartphones and many Internet of Things (IoT) devices. A scan for “Dnsmasq” using the Internet search engine Shodan reveals over 1.1 million instances worldwide.

An analysis of Dnsmasq conducted by Google’s security team revealed seven issues, including remote code execution, information disclosure, and denial-of-service (DoS) flaws that can be exploited via DNS or DHCP.

One of the most interesting vulnerabilities found by Google researchers is CVE-2017-14491, a DNS-based remote code execution weakness that affects both directly exposed and internal networks.

Another noteworthy remote code execution bug is CVE-2017-14493, a DHCP-based issue caused by a stack buffer overflow. Experts noted that this flaw can be combined with a Dnsmasq information disclosure bug tracked as CVE-2017-14494 to bypass ASLR and execute arbitrary code.

One security hole that affects Android is CVE-2017-14496, a DoS issue that can be exploited by a local attacker or one who is tethered directly to the device. However, Google pointed out that the risk is low considering that the affected service is sandboxed.

The other vulnerabilities are CVE-2017-14492, a DHCP-based heap overflow that leads to RCE; and CVE-2017-14495 and CVE-2017-13704, both of which allow DoS attacks via DNS.

The Google Security Team has released proof-of-concept (PoC) code for each of the vulnerabilities.

The flaws have been addressed on Monday with the release of Dnsmasq 2.78. Google has also updated its affected services and provided the fixes to Android partners. This month’s Android security updates will also include the patches.

Related: Google Patches Critical Vulnerabilities in Android

Related: Google Resolves Critical Vulnerabilities in Android’s Media Framework

Related: Google Researchers Find “Worst” Windows RCE Flaw

Related: Google Researcher Details Linux Kernel Exploit

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.