By Eduard Kovacs on January 20, 2021
Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.
The vulnerabilities, collectively tracked as DNSpooq, impact Dnsmasq, a widely used piece of open source software designed to provide DNS, DHCP, router advertisement and network boot capabilities for small networks. Its DNS subsystem “provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types.”
The software is mainly written and maintained by Simon Kelley, who has informed users about the availability of patches. The vulnerability disclosure process began in August 2020 and several impacted vendors told customers that they are working on address the issues.