Many security flaws happen because of misconfigured DNS resources, either unintentionally or deliberately through malware attacks. A new survey shows that a fifth of the respondents found out about DNS attacks through customer complaints, meaning that their own network monitoring equipment failed.
Google has found serious vulnerabilities in Dnsmasq, software that is widely used both on the open internet and internally in private networks.
Written and maintained by Simon Kelley, Dnsmasq provides functionality for serving DNS, DHCP, router advertisements and network boot and is commonly installed in systems as varied as desktop Linux distributions (like Ubuntu), home routers, and IoT devices.
According to Google security engineers, they found seven vulnerabilities, including three potential remote code executions, one information leak, and three denial of service vulnerabilities, and worked with the software’s creator to fix them and issue patches.
Users who have deployed the latest version of Dnsmasq (2.78) will be protected from the attacks discovered here. Android partners have received this patch as well and it will be included in Android’s monthly security update for October. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have been released with a patched DNS pod. Other affected Google services have been updated.
Dnsmasq is considered to be lightweight and easy to configure; it is designed for personal computer use or for use on a network with fewer than 50 computers. It also comes with a PXE server.
This researcher shows how to deliberately break DKIM, one of the email security protocols, by adding additional header lines to messages. DKIM leverages DNS for its protection.