Google: Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Our team has previously posted about DNS vulnerabilities and
exploits. Lately, we've been busy reviewing the security of
another DNS software package: Dnsmasq. We are writing this to
disclose the issues we found and to publicize the patches in
an effort to increase their uptake. Dnsmasq provides
functionality for serving DNS, DHCP, router advertisements and
network boot. This software is commonly installed in systems
as varied as desktop Linux distributions (like Ubuntu), home
routers, and IoT devices. Dnsmasq is widely used both on the
open internet and internally in private networks. We
discovered seven distinct issues (listed below) over the
course of our regular internal security assessments. Once we
determined the severity of these issues, we worked to
investigate their impact and exploitability and then produced
internal proofs of concept for each of them. We also worked
with the maintainer of Dnsmasq, Simon Kelley, to produce
appropriate patches and mitigate the issue.
- - -
--Lauren--
Lauren Weinstein ([email protected]): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
--- Impeach Trump ---
_______________________________________________
nnsquad mailing list
https://lists.nnsquad.org/mailman/listinfo/nnsquad
