Delaware, USA – October 10, 2017 – In early October, experts from Google published information on the research about the popular DNS forwarder and DHCP server – Dnsmasq. This program is used in routers and some IoT devices and it is also included in various Linux distributions. Currently, Shodan detects about 1.2 million devices with installed Dnsmasq software, located mainly in China, Brazil and the United States. The researchers found seven vulnerabilities, three of them allow remote code execution (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493), three can be used for the DoS attacks (CVE-2017-14495, CVE- 2017-14496, CVE-2017-13704), and the last discovered vulnerability – CVE-2017-14494 – allows hackers to bypass the ASLR technology. Adversaries can use them to deliver malicious code to the organizations’ network or for lateral movement within the perimeter of the attacked company.
All these vulnerabilities were fixed in Dnsmasq 2.78, so if your organization has assets with earlier versions of this software installed, you need to update them as soon as possible. If you leverage ArcSight, QRadar or Splunk, you can download Dnsmasq Tracker from Use Case Cloud for free. It will enable your SIEM to identify all vulnerable assets in a few minutes.