CVE-2017-15107: DNSSEC vulnerability in Dnsmasq up to version 2.78 allows improper interpretation of wildcard synthesized NSEC records.

Description Preview

A security vulnerability (CVE-2017-15107) was discovered in the DNSSEC implementation of Dnsmasq versions up to and including 2.78. The flaw involves the improper interpretation of wildcard synthesized NSEC (Next Secure) records, which could be exploited to prove the non-existence of hostnames that actually exist. This vulnerability could potentially allow attackers to bypass DNSSEC validation and conduct DNS spoofing attacks against systems relying on Dnsmasq for DNS resolution.

Overview

Dnsmasq is a lightweight DNS, DHCP, and TFTP server commonly used in home routers, IoT devices, and small networks. The vulnerability affects the DNSSEC validation mechanism in Dnsmasq, specifically how it handles wildcard synthesized NSEC records. DNSSEC is designed to protect against DNS spoofing by providing authentication of DNS data. However, this vulnerability undermines that protection by allowing attackers to trick Dnsmasq into believing that certain hostnames don't exist when they actually do. This could lead to DNS spoofing attacks, where users might be redirected to malicious websites or services instead of legitimate ones.

Remediation

To address this vulnerability, the following actions are recommended:

  1. Update Dnsmasq to version 2.79 or later, which contains the fix for this vulnerability.
  2. If immediate updating is not possible, consider temporarily disabling DNSSEC validation in Dnsmasq until the update can be applied (though this reduces overall security).
  3. Network administrators should monitor DNS traffic for any suspicious activity that might indicate exploitation attempts.
  4. Apply vendor-specific patches if using Dnsmasq as part of another product, such as a router firmware or Linux distribution.
  5. For openSUSE users, apply the security update referenced in openSUSE-SU-2019:2669.
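
A triage check for steps 1 and 2 above, given here as an added example (it is not part of the original advisory or the Dnsmasq project). It classifies a host from its `dnsmasq --version` banner and one configuration file; the function names and verdict strings are hypothetical, and the sample banner is constructed.

```shell
#!/bin/sh
# Added example: triage one host for CVE-2017-15107 from its version banner
# and a single config file. Function names and verdicts are hypothetical.

# Constructed sample of the first line printed by `dnsmasq --version`.
SAMPLE_BANNER='Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley'

# Print MAJOR.MINOR from a banner; print nothing for pre-release or
# unrecognised strings so they are reported as UNKNOWN, not guessed.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\)[[:space:]].*/\1/p' |
        head -n 1
}

# Succeed when the upstream version is 2.79 or later (the fixed release).
version_is_fixed() {
    vf_major=${1%%.*}
    vf_minor=${1#*.}
    [ "$vf_major" -gt 2 ] || { [ "$vf_major" -eq 2 ] && [ "$vf_minor" -ge 79 ]; }
}

# Succeed when the file has an active `dnssec` line (comments ignored).
# Assumption: files pulled in via conf-file/conf-dir and a --dnssec
# command-line flag are not followed here and need a separate look.
dnssec_enabled() {
    grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$' "$1"
}

# Print FIXED, VULNERABLE, MITIGATED (validation off) or UNKNOWN.
# A distribution build may carry a backported fix under an older version
# number, so VULNERABLE means "check the vendor advisory", not proof.
assess() {
    as_ver=$(parse_version "$1")
    if [ -z "$as_ver" ]; then
        echo UNKNOWN
    elif version_is_fixed "$as_ver"; then
        echo FIXED
    elif [ ! -r "$2" ]; then
        echo UNKNOWN
    elif dnssec_enabled "$2"; then
        echo VULNERABLE
    else
        echo MITIGATED
    fi
}

# Usage on a live host:
#   assess "$(dnsmasq --version | head -n 1)" /etc/dnsmasq.conf
```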

References

  1. Vendor Advisory: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
  2. SecurityFocus: http://www.securityfocus.com/bid/102812
  3. openSUSE Security Announcement: http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html
  4. MITRE CVE Entry: CVE-2017-15107

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Retail Trade
  4. Arts, Entertainment & Recreation
  5. Finance and Insurance
  6. Management of Companies & Enterprises
  7. Public Administration
  8. Transportation & Warehousing
  9. Utilities
  10. Educational Services
  11. Other Services (except Public Administration)
  12. Accommodation & Food Services
  13. Professional, Scientific, & Technical Services
  14. Administrative, Support, Waste Management & Remediation Services
  15. Agriculture, Forestry Fishing & Hunting
  16. Construction
  17. Information
  18. Mining
  19. Real Estate Rental & Leasing
  20. Wholesale Trade
