How To Protect Windows From Dnsmasq Vulnerabilities?

Back in 2017, a research team at Google revealed many vulnerabilities in Dnsmasq, a Domain Name System software package that provides DNS name resolution services to translate domain names to their corresponding IP addresses for connectivity purposes. Their findings set off a lot of debate online. A panic followed, and all types of users started looking for ways to protect their systems from the Dnsmasq vulnerabilities.

The exact words of the Google engineer were:

found three potential remote code executions, one information leak, and three denials of service vulnerabilities affecting the latest version at the project git server as of September 5th, 2017

In other words, the engineer was talking about a breach of private information. If the vulnerabilities were indeed exploited using all the tools, users could have their information leaked or accessed without authorization.

What is Dnsmasq?

Dnsmasq is a DNS forwarder, cache and DHCP server with many other features. It is present in various projects, which makes it quite a popular tool. According to the Google blog, Dnsmasq provides server functionality such as DNS and DHCP. It is also involved in network booting and router advertisements. Dnsmasq is used in private networks as well as on the open Internet.

The team at Google found seven issues in their security assessments. Once they had found them, their next step was to determine the impact of these issues and work out a proof of concept for each.

Vulnerabilities of Dnsmasq

Dnsmasq has several vulnerabilities, and some of them are explained here. CVE-2017-14491 is caused by a heap overflow and is triggered by making a DNS request. CVE-2017-14492 lies in the DHCP server, as does CVE-2017-14493. Both are memory overflows: the former is a heap overflow, while the latter is a stack overflow. The proofs of concept show that both rely on IPv6.

CVE-2017-14494 is an information leak in the DHCP server. Using this vulnerability, attackers can bypass ASLR. CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704 are the other three vulnerabilities, all bugs in the DNS server that cause DoS. The first does so by not freeing memory, the second by causing huge memory use, and the third crashes on receiving a large UDP packet.

The proofs of concept are available on the website, so you can check whether your system is affected by any of these vulnerabilities. If there are mitigations, you can verify them and then deploy them. Shodan showed 1.2 million devices that could be affected by the Dnsmasq vulnerabilities, so it is important to check your device.

How to Protect Your Computer?

To protect your computer from the Dnsmasq vulnerabilities, you have to patch them so that no security issue remains. If you want to install Dnsmasq manually, you can find it here. The latest approved version of Dnsmasq is 2.78.
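
An added example (not from the original article or the Dnsmasq project): a shell check that reads `dnsmasq --version` banners and flags builds older than the 2.78 release named above. The device names and banners are constructed samples, and the `device|banner` inventory format is an assumption.

```shell
#!/bin/sh
# Added example: flag dnsmasq builds older than 2.78, the fixed release.
# Caveat: distributions may backport the fixes without changing the upstream
# version, so treat "vulnerable" as "confirm against the vendor advisory".
FIXED_MAJOR=2
FIXED_MINOR=78

# Pull MAJOR.MINOR out of a `dnsmasq --version` banner; prints nothing if absent.
parse_dnsmasq_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[Dd]nsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "vulnerable X.Y", "fixed X.Y" or "unknown" for one banner line.
check_banner() {
    ver=$(parse_dnsmasq_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
        { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo "vulnerable $ver"
    else
        echo "fixed $ver"
    fi
}

# Audit "device|banner" lines from stdin (assumed inventory format).
audit_inventory() {
    while IFS='|' read -r device banner; do
        [ -n "$device" ] || continue
        printf '%s: %s\n' "$device" "$(check_banner "$banner")"
    done
}

# Constructed sample inventory, not captured from real hosts.
audit_inventory <<'EOF'
lab-router|Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
lab-gateway|Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley
lab-camera|BusyBox v1.24.1 multi-call binary
EOF

# On a host that has dnsmasq installed, check the local binary as well.
if command -v dnsmasq >/dev/null 2>&1; then
    printf 'localhost: %s\n' "$(check_banner "$(dnsmasq --version | head -n 1)")"
fi
```

A device reported as "unknown" returned no Dnsmasq banner, so it needs a manual look rather than being counted as safe.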

If you are using an Android device, the security update will fix these issues. Make sure that updates are downloaded to your device to protect against the Dnsmasq vulnerabilities.

Users of routers or IoT devices should check the vendor’s website to see whether their products are affected. If they are, look for the available patch and apply it.

To segregate traffic from undesired networks, use firewall rules. It is always a good option to turn off services or functions that you are not using on your device.


Kevin Arrows
