Dnsmasq: A Reality Check and Remediation Practices
Published on: October 9, 2017
TL;DR: Many vulnerabilities in one shot, yet several pre-conditions for a target to be actually exploitable. Here’s simple flowchart to check whether your Dnsmasq deployments are vulnerable.
Dnsmasq is the de-facto tool to implement DNS and DHCP services in small servers and embedded devices. Being Dnsmasq user, when Google Security researchers disclosed the CVE-2017-14491 to 14496 series, I quickly checked whether my installation was vulnerable.
Turned out that, despite I found a vast amount of devices running a vulnerable version of Dnsmasq, the chain of pre-conditions for these vulnerabilities to be exploitable are not super trivial. So I decided to write them down in a flowchart.
You can read
the full blog post here!
#trendmicro #measurement #vulnerability
©2007–2019. All rights are reserved
to Federico Maggi or the respective authors.
Opinions are my own, and not necessarily reflecting the views of my employer.
Updated on 2019-01-16T13:35:02+0100 - Colophon