Back in 2017, a research team at Google revealed many vulnerabilities in Dnsmasq, a Domain Name System software package that provides DNS name resolution services, translating domain names to their corresponding IP addresses for connectivity purposes. Their findings prompted a lot of debate online. Panic followed, and all types of users started looking for options to protect their systems from the Dnsmasq vulnerabilities.
The exact words of the Google engineer were:
found three potential remote code executions, one information leak, and three denials of service vulnerabilities affecting the latest version at the project git server as of September 5th, 2017
In other words, the engineer was talking about the breach of private information. If the vulnerabilities were indeed exploited, users could have their information leaked or accessed without authorization.
What is Dnsmasq?
Dnsmasq is a DNS forwarder, a cache, and a DHCP server, and it has many other features too. Because it is included in various projects, it is quite a popular tool. According to the Google blog, Dnsmasq provides server functionality such as DNS and DHCP. It is also involved in network booting and router advertisements. Dnsmasq is used in private networks as well as on the open Internet.
The team at Google found seven issues in their security assessments. Once they had found them, their next step was to check the impact of these issues and produce a proof of concept for each one.
Vulnerabilities of Dnsmasq
Dnsmasq has several different vulnerabilities, and some of them are explained here. CVE-2017-14491 is a heap overflow that is triggered by making a DNS request. CVE-2017-14492 and CVE-2017-14493 are both in the DHCP server, and both are memory overflows: the former is a heap overflow while the latter is a stack overflow. The proofs of concept show that both of these rely on IPv6.
CVE-2017-14494 is an information leak in the DHCP server. Using this vulnerability, attackers can bypass ASLR. CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704 are the other three vulnerabilities, and they are bugs in the DNS server that cause DoS. The first does so by not freeing memory, the second by causing huge memory usage, and the third crashes upon receiving a large UDP packet.
The proofs of concept are available on the website, so you can check whether your system is affected by any of these vulnerabilities. If there are mitigations, you can verify them and then deploy them. Shodan showed 1.2 million devices that could be affected by the Dnsmasq vulnerabilities, so it is important to check your device.
How to Protect Your Computer?
To protect your computer from the Dnsmasq vulnerabilities, you have to patch them so that there is no security issue later on. If you want to manually install Dnsmasq, you can find it here. The latest approved version of Dnsmasq is 2.78.
If you are using an Android device, the security update will fix these issues. Make sure that updates are downloaded to your device to protect it against the Dnsmasq vulnerabilities.
If you are using routers or IoT devices, check the vendor’s website to see whether their products are affected. If they are, look for the available patch and apply it.
To segregate traffic from undesired networks, use firewall rules. It is always a good option to turn off services or functions that you are not using on your device.
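To check a host against the 2.78 release mentioned above, the following added example (not code from Google or the Dnsmasq project) parses the output of `dnsmasq --version` and reports whether DHCPv6 support, relevant to the IPv6-dependent issues, is compiled in. The function names and result strings are hypothetical, and the banner layout is an assumption.

```shell
#!/bin/sh
# Added example: audit the text printed by `dnsmasq --version`.
# Assumes the usual banner layout: "Dnsmasq version X.YY ..." first, then a
# "Compile time options:" line.
FIXED_MAJOR=2    # the article names 2.78 as the fixed release
FIXED_MINOR=78

# Print "at-or-above-fixed", "below-fixed" or "unknown" for a banner.
dnsmasq_version_status() {
    token=$(printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([^ ]*\).*/\1/p' | head -n 1)
    case $token in
        [0-9]*.[0-9]*) ;;                  # looks like MAJOR.MINOR[suffix]
        *) echo unknown; return 0 ;;
    esac
    major=${token%%.*}
    rest=${token#*.}
    minor=$(printf '%s' "$rest" | sed 's/[^0-9].*//')
    suffix=${rest#"$minor"}
    case "$major/$minor" in
        *[!0-9/]*|/*|*/) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -eq "$FIXED_MINOR" ] &&
       [ -n "$suffix" ]; then
        echo unknown                       # e.g. 2.78rc1, a pre-release build
    elif [ "$major" -gt "$FIXED_MAJOR" ] ||
         { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo at-or-above-fixed
    else
        echo below-fixed
    fi
}

# Succeed when OPTION (for example DHCPv6) is listed as compiled in.
dnsmasq_has_option() {
    opts=$(printf '%s\n' "$1" | sed -n 's/^Compile time options: *//p' | head -n 1)
    case " $opts " in
        *" $2 "*) return 0 ;;              # "no-DHCPv6" does not match " DHCPv6 "
        *) return 1 ;;
    esac
}

# When dnsmasq is installed locally, audit the real binary.
if command -v dnsmasq >/dev/null 2>&1; then
    banner=$(dnsmasq --version 2>/dev/null || true)
    echo "version check: $(dnsmasq_version_status "$banner")"
    if dnsmasq_has_option "$banner" DHCPv6; then echo "DHCPv6 compiled in"; fi
fi
```

Distribution packages often backport fixes without changing the upstream version number, so treat `below-fixed` as a prompt to check the vendor's advisory rather than as proof of exposure. A compiled-in option only means the feature is available, not that it is enabled in the running configuration.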