Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Android
    • Android
    • Cybersecurity

    Google Reveals Critical Flaws in Dnsmasq Software Packages

    By
    SEAN MICHAEL KERNER
    -
    October 4, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Software Development Security

      A team of Google security researchers has discovered a set of security vulnerabilities in the Dnsmasq software package that could have potentially enabled a remote code execution by an attacker. 

      Dnsmasq is a widely used open-source network utilities program that provides local DNS (Domain Name Service) services as well as DHCP (Dynamic Host Configuration Protocol) capabilities. Among the many places where Dnsmasq is used is inside of Google’s Android mobile operating system, as well as in the Kubernetes container orchestration system.

      “During our review, the team found three potential remote code executions, one information leak, and three denial of service vulnerabilities affecting the latest version at the project git server as of September 5th 2017,” the Google researchers wrote in a blog post.

      All of the Dnsmasq vulnerabilities discovered by the Google researchers have now been patched in the upstream project as of the 2.78 release, which became generally available on Oct. 2. In addition, Google has developed an additional patch that will provide improved sandboxing for Dnsmasq. The additional patch provides a seccomp (SECure COMPuting) filter for Linux that enables enhanced control for Dnsmasq.

      The use of sandbox techniques—that is, technologies that restrict the actions of a given process to a certain section of system memory—is already in use on Google’s Android operating system. Among the remote code execution issues is CVE-2017-14496, which Google has now patched in the October Android update.

      “Android is affected by CVE-2017-14496 when the attacker is local or tethered directly to the device—the service itself is sandboxed so the risk is reduced,” the Google researchers stated.

      In addition to the Dnsmasq fix, the October Android update once again is providing users with patches for the much maligned media framework. In total, Google has patched the Android media framework for six issues, three of which (CVE-2017-0809, CVE-2017-0810, CVE-2017-081) are identified as critical remote code execution vulnerabilities. The mediaserver library has been the subject of intense scrutiny since July 2015, when the Stagefright flaws were first revealed.

      The Android mediaserver has been patched in every Android security update issued by Google since August 2015.

      Kubernetes

      The impact of the Dnsmasq vulnerability goes beyond just Android and is embedded in other software as well as networking devices.

      “This software is commonly installed in systems as varied as desktop Linux distributions (like Ubuntu), home routers, and IoT devices,” the researchers wrote in a blog post. “Dnsmasq is widely used both on the open internet and internally in private networks.”

      Among the impacted software applications is Kubernetes, which has become an increasingly popular and widely deployed system by multiple vendors for container orchestration. The recently released Kubernetes 1.8 milestone, as well as earlier versions including 1.5.8, 1.6.11 and 1.7.7, has been updated with the patched version of Dnsmasq.

      Linux vendor Red Hat has specifically highlighted the CVE-2017-14491 remote code execution vulnerability in Dnsmasq as being the worst of the seven issues.

      “To trigger this flaw, an attacker would need to control a malicious domain (eg, evil.com) and send DNS requests to dnsmasq that would cause it to cache replies from that domain,” Red Hat warned in its advisory. “By carefully constructing DNS requests and responses, dnsmasq could be made to overflow an internal buffer on the heap, using content influenced by the attacker. This could potentially be used to achieve code execution.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×