Connect with us

Hi, what are you looking for?



Vendors Warn Customers of Dnsmasq Vulnerabilities

Organizations, including several major tech companies, have started publishing security advisories to warn customers about serious vulnerabilities discovered by Google researchers in the Dnsmasq network services software.

Organizations, including several major tech companies, have started publishing security advisories to warn customers about serious vulnerabilities discovered by Google researchers in the Dnsmasq network services software.

Dnsmasq is a lightweight tool designed to provide DNS, DHCP, router advertisement and network boot services for small networks. The tool is used by many organizations, including in Linux distributions, networking devices, smartphones, cybersecurity appliances, and Internet of Things (IoT) devices. A scan for “Dnsmasq” via the Internet search engine Shodan reveals over 1.1 million instances worldwide.

Members of Google’s security team discovered recently that Dnsmasq is affected by seven potentially serious vulnerabilities. The flaws can be exploited via DNS or DHCP for remote code execution (CVE-2017-14491, CVE-2017-14492 and CVE-2017-14493), information leaks (CVE-2017-14494), and denial-of-service (DoS) attacks (CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704).Dnsmasq vulnerabilities

The most critical vulnerability is CVE-2017-14491, a DNS-based remote code execution issue that affects both directly exposed and internal networks.

Simon Kelley, the creator and maintainer of Dnsmasq, released version 2.78 to address the vulnerabilities. This month’s security updates for Android also fix the flaws.

Some of the companies whose products use Dnsmasq have started releasing advisories to inform customers about the flaws and the availability of patches and mitigations. Kelley said some organizations received the information in advance, before the existence of the security holes was made public.

The CERT Coordination Center at Carnegie Mellon University has published a list of 99 vendors that could be affected by the Dnsmasq vulnerabilities, and some of them have confirmed that their products are impacted.

The developers of Linux distributions such as Debian, Red Hat, CentOS, Slackware and Ubuntu have already released patches.

Advertisement. Scroll to continue reading.

Updates and advisories have also been made available by the creators of Kubernetes, an open-source platform for automating the deployment, scaling and management of containerized applications. Kubernetes is used, among others, by CoreOS, which has also released updates for impacted products.

Amazon Web Services (AWS) customers can use Dnsmasq to resolve hostname queries and the cloud giant has advised them to update the dnsmasq package to prevent potential attacks.

Cisco has also published an advisory, but it has not specified if any of its products are affected. The networking giant has — at least at some point — used Dnsmasq in its own products.

Software-driven cloud networking solutions provider Arista informed customers that its EOS and Cloud Vision Portal products are exposed to remote attacks exploiting CVE-2017-14491. The company has started releasing patches.

Network-attached storage (NAS) solutions provider Synology told customers that its Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) products are affected. The company is working on releasing patches.

Security firm Sophos pointed out that most wireless routers and small footprint devices (i.e. IoT devices) are impacted by the flaws due to the fact that Dnsmasq is a default component in OpenWRT, a popular open source distribution for embedded devices.

Sophos’ own RED devices and cloud-managed access points are vulnerable to attacks. Patches will be made available soon.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...