Overview
DNSpooq Vulnerabilities: Researchers have discovered multiple vulnerabilities that could result in DNS cache poisoning and Remote Code Execution (RCE). The vulnerabilities reside in dnsmasq, popular DNS software used on millions of devices.
The vulnerabilities were disclosed by researchers from the Israeli security company JSOF. The company named the vulnerabilities collectively DNSpooq and shared the details on its official website.
Background
One of the fundamental protocols of the Internet, the Domain Name System (DNS) translates human-memorable alphabetic names (the domain names used in website URLs) into numeric Internet Protocol (IP) addresses.
DNSmasq (short for DNS masquerade) is a popular, lightweight DNS server that also bundles DHCP (Dynamic Host Configuration Protocol), TFTP (Trivial File Transfer Protocol), router advertisement and other functionality. Because of its low resource requirements, it is especially common in the firmware of home routers and IoT (Internet of Things) devices.
Description
A total of 7 vulnerabilities in DNSmasq have been disclosed. Three of these vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686) could allow an attacker to conduct DNS cache poisoning attacks (forging DNS replies). The other four vulnerabilities (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687) could lead to RCE attacks due to buffer overflow flaws in DNSmasq.
More than 40 vendors are thought to be affected by these vulnerabilities. Well-known names among them include AT&T, Cisco, Comcast, D-Link, Dell, Huawei, IBM, Juniper, Linksys, Motorola, Netgear, Qualcomm, Raspberry, Siemens, Xiaomi, ZTE and Zyxel.
Impact
Successful exploitation of the vulnerabilities CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686 could allow an attacker to forge DNS responses, so that users querying the poisoned resolver are redirected to IP addresses that the attacker chooses.
Impact Summary CVE-2020-25684
Category: Spoofing (DNS Poisoning)
CVSS 3.1 Base Score: 3.7 Low
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Summary CVE-2020-25685
Category: Spoofing (DNS Poisoning)
CVSS 3.1 Base Score: 3.7 Low
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Summary CVE-2020-25686
Category: Spoofing (DNS Poisoning)
CVSS 3.1 Base Score: 3.7 Low
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Successful exploitation of the vulnerabilities CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687 could allow an attacker to conduct Remote Code Execution (RCE) attacks due to buffer overflow flaws in the software.
Impact Summary CVE-2020-25681
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.1 High
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Summary CVE-2020-25682
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.1 High
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Summary CVE-2020-25683
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 5.9 Medium
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Summary CVE-2020-25687
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 5.9 Medium
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Solution (Update)
To remediate the DNSpooq vulnerabilities, dnsmasq needs to be upgraded to version 2.83 or above. Note that, since dnsmasq comes bundled with the firmware of many IoT and router devices, a full firmware update or upgrade could be required on most devices.
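One way to check devices against the 2.83 fix level, as an added example that is not part of the original advisory: the script classifies `dnsmasq --version` banners and compares the minor number as an integer, so that 2.9 is not mistaken for something newer than 2.83. The function names are hypothetical, and the hostnames and banners are constructed sample data.

```shell
#!/bin/sh
# Added example: triage dnsmasq version banners against the 2.83 fix level.
# Banner format assumed: the first line printed by `dnsmasq --version`.
FIXED_MAJOR=2
FIXED_MINOR=83

# Pull "major.minor" out of a banner; prints nothing if none is found.
dnsmasq_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Vv]ersion[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print PATCHED, VULNERABLE or UNKNOWN for one banner.
dnsmasq_status() {
    ver=$(dnsmasq_extract_version "$1")
    if [ -z "$ver" ]; then
        echo UNKNOWN
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # Integer comparison per component: 2.9 is older than 2.83.
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo PATCHED
    else
        # Distribution packages may carry backported fixes under an older
        # version number; confirm against the vendor advisory before acting.
        echo VULNERABLE
    fi
}

# Read "host|banner" lines on stdin and print "host status version".
dnsmasq_audit() {
    while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        v=$(dnsmasq_extract_version "$banner")
        printf '%s %s %s\n' "$host" "$(dnsmasq_status "$banner")" "${v:-?}"
    done
}

# Constructed inventory (hostnames and banners are sample data).
SAMPLE_INVENTORY='router-a|Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
router-b|Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley
cam-01|Dnsmasq version 2.9  Copyright (c) 2000-2004 Simon Kelley
ap-07|BusyBox v1.31.1 multi-call binary'

printf '%s\n' "$SAMPLE_INVENTORY" | dnsmasq_audit
```

Devices reported as UNKNOWN did not return a recognisable dnsmasq banner and need to be checked through their firmware release notes instead.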

References to Advisories, Solutions and Tools
To learn more about DNS-based attacks, you could also read our article Is DNS Cache Poisoning Back with SAD DNS Attack?