Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices

Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding and caching software commonly found in smartphones, desktops, servers, routers and other Internet of Things devices, according to Israel-based security company JSOF, which discovered the security holes.

Collectively dubbed DNSpooq, the vulnerabilities in the open-source utility affect a variety of devices and firmware, including those made by some of the world’s leading tech companies.

“Some of the DNSpooq vulnerabilities allow for DNS cache poisoning and one of the DNSpooq vulnerabilities could permit a potential Remote Code execution that could allow a takeover of many brands of home routers and other networking equipment, with millions of devices affected, and over a million instances directly exposed to the Internet,” warned JSOF. According to Shodan, there are almost 1.2 million dnsmasq servers exposed to the internet, with yet more vulnerable devices confined to internal networks but also at risk.

RELATED READING: DNS attacks: How they try to direct you to fake pages

Researchers identified no fewer than 40 vendors that use dnsmasq in a wide range of products and in various pieces of firmware and software. The list includes big names such as Cisco, Asus AT&T, Comcast, Siemens, Dell, Linksys, Qualcomm, Motorola, and IBM, just to mention but a few. Whether and to what extent devices are affected depends on how they use dnsmasq. 

DNSpooq consists of seven vulnerabilities divided into two groups – three that could allow DNS cache poisoning attacks and four buffer overflow vulnerabilities, one of which could lead to remote code execution and device takeover.

An overview of the DNSpooq vulnerabilities (source: JSOF)

“The impact of DNS cache poisoning of the routing equipment DNS forwarding server can potentially lead to different kinds of fraud if users believe they are browsing to one website but are actually routed to another,” the researchers said. They went on to add that each device susceptible to DNS cache poisoning might also be taken over by an attacker.

While on their own the security bugs present a limited risk, once chained and combined they could also be used to conduct Distributed Denial-of-Service (DDoS) attacks as well as wormable attacks that could spread malware between devices and networks.

Researchers disclosed the vulnerabilities in August 2020 and went public with their discovery after the embargo ended this month. While highlighting a number of workarounds in its technical whitepaper to DNSpooq, JSOF advised everybody to apply the best “antidote” – update to dnsmasq version 2.83. In the meantime, multiple vendors have released their respective advisories, mitigations, workarounds and patches, which are now neatly listed on the website of the CERT Coordination Center at Carnegie Mellon University. The Cybersecurity and Infrastructure Security Agency (CISA) also had some advice to share for organizations that use vulnerable products.

In June 2020, JSOF discovered and disclosed 19 security vulnerabilities that were collectively dubbed Ripple20 and were found to affect a popular TCP/IP software library used by millions of connected devices.

BRATISLAVA – ESET, a global leader in cybersecurity, has been commended with Top Product awards in the latest AV-TEST Product Review and Certification reports in both the business and home consumer categories. ESET Endpoint Security 7.3 and ESET Internet Security 13.2 – ESET  security products for Windows in the business and consumer lineups, respectively – achieved Top Product awards with perfect Protection and Usability scores in the August and October 2020 tests.

AV-TEST, a leading independent testing organization, uses one of the largest collections of malware samples in the world to create a real-world environment for highly accurate in-house testing and realistic test scenarios.

The tests evaluated the best Windows antivirus software for both home and business users, with all vendors being assessed across three main categories: Protection, Performance and Usability. In both the consumer and business evaluations, ESET’s solutions scored a perfect 6 in the Protection category, which measures the protection against malware such as viruses, worms and Trojan horses, and a perfect 6 in the Usability category, which measures the impact of the security software on the usability of the computer. Both solutions also scored near-perfect scores of 5.5 in the Performance category, which measures the impact of the product on computer speed in daily usage.

In addition to the excellent results, this past summer ESET received its 100th AV-Test certificate – this milestone marks ten years since ESET achieved its first certificate from AV-Test in June 2010.

Roman Kováč, Chief Research Officer at ESET, commented, “It is extremely encouraging not only to continue to receive commendations for our home and business security solutions, but also to be recognized for ten years of consistent and outstanding results in third-party testing. At ESET, we are extremely proud of our work in making technology safer. This recognition from AV-Test reaffirms that our solutions are proven to work in real-world scenarios. Businesses and home users can be confident that they are in safe hands with ESET. After a year like no other, it has never been more important for your sensitive information and data to be protected with advanced security software both at work and at home.”

Learn more about ESET’s home and business solutions for Windows here.