Dnsmasq Vulnerabilities Threaten DNS Integrity

Diving deeper into DNSpooq

• The DNS cache poisoning vulnerabilities, tracked as CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, could let threat actors replace legitimate DNS records on a device with ones of their choosing.
• The buffer overflow vulnerabilities, tracked as CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, and CVE-2020-25681, could let attackers remotely execute arbitrary code on vulnerable networking equipment when Dnsmasq is configured to use DNSSEC.
• In addition, there are some hypothetical attack scenarios such as massive JavaScript-fueled DDoS, reverse DDoS, and wormable attacks in the case of mobile devices that switch networks regularly.
• The long and varied list of impacted vendors includes forty well-known brand names, including Asus, AT&T, Google, Comcast, Cisco, Redhat, HPE, Juniper, and Ubiquiti.

Recent DNS-based threats

• In December, cross-layer attacks using the Linux kernel’s pseudo-random number generator bug (CVE-2020-16166) was risking the users against DNS cache poisoning attacks.
• In November, Side-channel AttackeD DNS attack led to a revival of DNS cache poisoning attacks due to a bug (CVE-2020-25705) rendering public DNS resolvers.

The bottom line