Skip to main content

Several Security Issues Found In Solutions That Use DNSmasq

By October 20, 2017June 21st, 2022Cybersecurity

Open source tools offer a lot of compelling advantages, with one of the biggest and most important being that they tend to have relatively fewer bugs and security flaws. The reason is that they’re open source initiatives, and anyone can dig into the source code and tweak it to make it better.

Unfortunately, there are exceptions to every rule, a fact that was brought into painful focus recently by a group of Google security researchers who found not one, not two, but a total of seven critical security flaws in an open source program called DNSMasq.

DNSMasq comes pre-installed on some Linux machines (Ubuntu and Debian) and is frequently used on home routers, smartphones and a variety of “smart” devices. Worldwide, there are approximately 1.1 million active installations.

Per the research team: “We discovered seven distinct issues over the course of our regular internal security assessments. Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of DNSMasq, Simon Kelley, to produce appropriate patches and mitigate the issue.”

Since all of the issues have been patched, Google has released the Proof-of-Concept exploit code for each of the bugs they found. Of them, three would have allowed a user to execute code remotely, and three others would have made it possible to commandeer a device so it could be used in a denial of service attack.

If you use DNSMasq, be sure you update your software to version 2.78 or later so that you’re using a version which contains the bug fixes. For Google’s part, they issued an update on Sept. 5, 2017 that fixes the issue on any Android device running the software.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.