List Of DNSpooq Vulnerability Advisories, Patches, And Updates


Yesterday, seven Dnsmasq vulnerabilities, collectively known as DNSPooq, were disclosed. Attackers can use them to launch DNS cache poisoning, denial of service, and possibly remote code execution attacks on affected devices.

Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, operating systems, access points, and other networking equipment.

Vendors have started to release information on how customers can protect themselves from DNSPooq. To make it easier to find this information, BleepingComputer will be listing security advisories as they are released. 

The related CVEs from JSOF’s DNSpooq advisory are listed below, along with their descriptions.

| Name | CVSS | Description |
|---|---|---|
| CVE-2020-25681 | 8.1 | Dnsmasq versions before 2.83 are susceptible to a heap-based buffer overflow in sort_rrset() when DNSSEC is used. This can allow a remote attacker to write arbitrary data into target device’s memory that can lead to memory corruption and other unexpected behaviors on the target device. |
| CVE-2020-25682 | 8.1 | Dnsmasq versions before 2.83 are susceptible to buffer overflow in extract_name() function due to missing length check, when DNSSEC is enabled. This can allow a remote attacker to cause memory corruption on the target device. |
| CVE-2020-25683 | 5.9 | Dnsmasq versions before 2.83 are susceptible to a heap-based buffer overflow when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a Denial of Service. |
| CVE-2020-25687 | 5.9 | Dnsmasq versions before 2.83 are vulnerable to a heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of Service. |
| CVE-2020-25684 | 4 | A lack of proper address/port check implemented in dnsmasq versions |
| CVE-2020-25685 | 4 | A lack of query resource name (RRNAME) checks implemented in dnsmasq’s versions before 2.83 reply_query function allows remote attackers to spoof DNS traffic that can lead to DNS cache poisoning. |
| CVE-2020-25686 | 4 | Multiple DNS query requests for the same resource name (RRNAME) by dnsmasq versions before 2.83 allows for remote attackers to spoof DNS traffic, using a birthday attack (RFC 5452), that can lead to DNS cache poisoning. |

BleepingComputer suggests checking this page throughout the coming days to see if new information is available for devices you may be using.

For more detailed information about the DNSpooq vulnerabilities, you can read the articles below:


Official Advisories, Notices, Patches, or Updates:

Below is a list of DNSPooq/dnsmasq advisories released by different vendors. The CERT Coordination Center is also maintaining a list of advisories shared with them.

If you are a vendor with an advisory or notice, please contact us to have your information added. 

Last Updated: 01/20/21

Arista

Arista’s advisory states that the DNSPooq vulnerabilities affect “all EOS products including the 7xxx and 7xx Series switches and routers, and all CloudEOS packaging options.”

Arista has released updates that resolve the vulnerabilities and a hotfix if upgrading is not feasible at this time.

Cisco

Cisco released an advisory stating that 55 products and services are affected by the dnsmasq vulnerabilities.  While updated software is already available for some products, many affected devices will not have fixes until February and March.

Users can find a full list of affected products and when patches will be available in the advisory.

DNSMasq

Simon Kelley, the maintainer of Dnsmasq, has posted an advisory to the Dnsmasq-discuss mailing list. The advisory urges all dnsmasq users to upgrade to version 2.83 to resolve the vulnerabilities.

Their complete advisory is below.

“There are broadly two sets of problems. The first is subtle errors in dnsmasq’s protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc. The code is now as secure as it can be, given that the real solution to this is DNSSEC, both endpoint validation and domains actually signing. This is covered by CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686.

Unfortunately, given the above, the second set of errors is a good old fashioned buffer overflow in dnsmasq’s DNSSEC code. If DNSSEC validation is enabled, an installation is at risk. This is covered by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687.

Many, many people have worked over a considerable period to find these problems, fix them, and co-ordinate the security response. They are named in JSOF’s disclosure, but special mention should go to Shlomi Oberman, Vijay Sarvepilli, Petr Menšík, and Dan Schaper.”
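The two problem sets described in the advisory above translate into a simple host check. The script below is an added example, not code from the dnsmasq project or any vendor advisory: it assumes `dnsmasq --version` output in its usual two-line form and a configuration in dnsmasq.conf syntax, and the function name `dnspooq_exposure` and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisories): classify DNSpooq exposure from
# `dnsmasq --version` output plus the dnsmasq configuration text.
# dnspooq_exposure and the sample inputs are hypothetical/constructed.

CACHE_CVES="CVE-2020-25684 CVE-2020-25685 CVE-2020-25686"
DNSSEC_CVES="CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25687"

# $1: output of `dnsmasq --version`   $2: contents of the dnsmasq config
dnspooq_exposure() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || { echo "unknown"; return 2; }
    major=${ver% *}
    minor=${ver#* }

    # The page gives 2.83 as the release that fixes all seven CVEs.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 83 ]; }; then
        echo "patched"
        return 0
    fi

    # Cache-poisoning CVEs apply to every pre-2.83 build.
    found=$CACHE_CVES

    # The overflow CVEs need DNSSEC compiled in ("DNSSEC", not "no-DNSSEC")
    # and validation switched on with a bare `dnssec` config line.
    opts=$(printf '%s\n' "$1" | sed -n 's/^Compile time options: //p')
    case " $opts " in
        *" DNSSEC "*)
            if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$'; then
                found="$found $DNSSEC_CVES"
            fi ;;
    esac
    echo "vulnerable: $found"
    return 1
}

# Constructed sample inputs, modelled on real `dnsmasq --version` output.
SAMPLE_OLD='Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus DHCP DHCPv6 TFTP auth DNSSEC loop-detect inotify'
SAMPLE_NODNSSEC='Dnsmasq version 2.82  Copyright (c) 2000-2020 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus DHCP DHCPv6 TFTP no-DNSSEC loop-detect'
SAMPLE_FIXED='Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus DHCP DHCPv6 TFTP auth DNSSEC loop-detect'

dnspooq_exposure "$SAMPLE_OLD" "dnssec" || true
```

Distribution packages can carry backported fixes without changing the upstream version string, so confirm a "vulnerable" result against the vendor's package version before acting on it.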

OpenWRT

OpenWRT has released an advisory explaining how you can upgrade your dnsmasq package to resolve the vulnerability using the following command:

opkg update; opkg upgrade $(opkg list-installed dnsmasq* | cut -d' ' -f1)

More details on how to verify if the upgrade completed successfully can be found in the advisory.

The advisory also provides configuration-based mitigation if you are unable to upgrade your router at this time.

Netgear

Netgear has released an advisory stating that the following products are vulnerable to the DNSPooq dnsmasq vulnerabilities:

  • RAX40 running firmware versions prior to v1.0.3.88
  • RAX35 running firmware versions prior to v1.0.3.88

Netgear owners can download updated firmware for these products from the NETGEAR Support section.

Red Hat

Red Hat released an advisory today offering mitigation advice for various versions of Red Hat Enterprise Linux. 

It is possible to mitigate the vulnerabilities in Red Hat 8.3 using dnsmasq configuration options. However, earlier versions require you to update the dnsmasq package.


Siemens

Siemens has released a security advisory that states the RuggedCom RM1224 and various Scalance versions are affected by the DNSPooq vulnerabilities.

Updates are not available yet, but Siemens has provided mitigations that can be applied to the devices to reduce the risk.

Sophos

Sophos’ advisory states that their Sophos RED product is affected by the DNSPooq vulnerability. Sophos states that updated Sophos RED firmware for XG Firewall and SG UTM will be available soon.

Synology

Synology has released a security advisory stating that their DiskStation Manager (DSM) and Synology Router Manager (SRM) operating systems are only vulnerable to the DNSPooq DNS cache poisoning vulnerabilities (CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686).

“None of Synology’s products are affected by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687 as these vulnerabilities only affect when DNSSEC is compiled,” Synology’s advisory explains about the other vulnerabilities.

The vulnerabilities in SRM 1.2 are resolved in version 1.2.4-8081-2 or above. A fix is not available yet for DSM 6.2.

Ubuntu

Ubuntu has issued an advisory listing available packages for Ubuntu 16.04, 18.04, 20.04, and 20.10 that resolve the vulnerability.

It should be noted that “after a standard system update you need to reboot your computer to make all the necessary changes.”
