Discover Security Vulnerabilities News
Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed
Security researchers have discovered a set of seven vulnerabilities in dnsmasq - a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services - which allow attackers to redirect users or execute malicious code. This dangerous set of flaws has been named DNSpooq. Patch dnsmasq now!
Security researchers have found several serious vulnerabilities in dnsmasq, a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services. Attackers can exploit the flaws to redirect users to rogue websites when trying to access legitimate ones or to execute malicious code on vulnerable devices.
Dnsmasq is a lightweight tool that provides DNS caching, DNS forwarding and DHCP (Dynamic Host Configuration Protocol) services. The utility has been around for around 20 years and is part of the standard set of tools in many Linux distributions, including Android. As a utility that provides network services, dnsmasq is widely used in networking devices such as home business routers but is also present in many other types of embedded and IoT systems including firewalls, VoIP phones and car WiFi systems.