7 security bugs in Dnsmasq, that put an inestimable # of desktops/servers/smartphones/routers & IoT

[Elixer]

Since we know there are millions of devices out there that will NEVER get a patch for this, I am wondering if now, someone can use the PoC (https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq ) to basically root any device?

Security researchers at Google have found seven security bugs in the Dnsmasq application that put an inestimable number of desktops, servers, smartphones, routers, and other IoT devices at risk of hacking.

The seven vulnerabilities are sneakily dangerous because they affect Dnsmasq, a tool that provides a simple DNS server, DNS forwarder, route advertisement, and DHCP capabilities for the devices it is embedded with.

Unknown to most users is that Dnsmasq is currently deployed with Linux and its various modified distributions used for IoT devices and SOHO routers, but also in Android-based devices.

https://www.bleepingcomputer.com/ne...ct-computers-smartphones-routers-iot-devices/

 

[VirtualLarry]

Yeah, Shibby Tomato firmware for routers uses DNSMasq, or CAN, I don't know if it's enabled by default. (I don't think that it is.)

Guess I'll look forward to a patch release of the firmware.

 

[John Connor]

Using Asus Merlin currently. If I recall, there is DNSmasq. I'll stay abreast of a patch.