Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, operating systems, access points, and other networking equipment. Multiple organizations, operating systems and products were affected by the DNSpooq vulnerability. Attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks on affected … Continue reading “DNSpooq vulnerability (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)”
Tag: dnsmasq
DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)
A critical vulnerability has been found in DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7. The flaw allows unauthenticated remote attackers to execute arbitrary Linux commands with root privileges. An attacker can set up a malicious DHCP server on the local network and spoof DHCP responses in order to exploit this flaw … Continue reading “DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)”
Critical Vulnerabilities Discovered in dnsmasq
Various vulnerabilities have been discovered in dnsmasq, an open source framework for managing DNS, DHCP, Router Advertisement, network boot etc. These issues were discovered in versions prior to 2.78 . The vulnerabilities were disclosed to CERT/CC by Google Security Team. These vulnerabilities can be exploited remotely via DNS and DHCP protocol. CVE Protocol Description CVE-2017-14491 DNS 2 byte … Continue reading “Critical Vulnerabilities Discovered in dnsmasq”