[FS#3586] dnsmasq, dnsmasq-full are vulnerable to remote code execution and other severe attacks.

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Thu Jan 21 08:03:34 EST 2021


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - levush (levush) 

Attached to Project - OpenWrt/LEDE Project
Summary - dnsmasq, dnsmasq-full are vulnerable to remote code execution and other severe attacks.
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Critical
Priority - Very Low
Reported Version - All
Due in Version - Undecided
Due Date - Undecided
Details - dnsmasq, dnsmasq-full, CVE-2020-25681, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, RCE

problem:
dnsmasq, dnsmasq-full are vulnerable to remote code execution and other severe attacks.
dnsmasq in openwrt is below 2.83, 
e.g. 2.80 which renders nearly all openwrt-deployments vulnerable.


reproduction:
craft attacks documented below with openwrt router.
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf

mitigation:
see 
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf

Page 19:
"Update your dnsmasq software to the latest version (2.83 or above).  This is the best and only complete mitigation."


So please
- update dnsmasq and its flavors (-full, etc.) asap to higher than 2.83 for all platforms of openwrt.
- notify the users by adding a big notice on the openwrt.org homepage, that they should update their openwrt deployments.

Thanks in advance.


More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3586

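One way to triage an inventory of routers against the 2.83 threshold quoted in the report, as an added example that is not part of the original report or of OpenWrt's own tooling. The hostnames, package revisions and the `host|version string` inventory format are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. 2.83 is the fixed upstream release quoted in the report.
# Assumption: the upstream version number alone decides the result. A
# distribution package can carry backported fixes under an older number,
# so read "vulnerable" as "check the package changelog, then update".
FIXED_MAJOR=2
FIXED_MINOR=83

# extract_version: first "N.N" token after any leading non-digit text, e.g.
#   "Dnsmasq version 2.80  Copyright ..."  (first line of `dnsmasq -v`)
#   "dnsmasq-full - 2.80-16.1"              (package-list style, constructed)
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# classify: prints "vulnerable", "fixed" or "unknown" for one version string.
classify() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    minor=${ver#*.}
    # Compare components as integers so that 2.90 sorts above 2.83.
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo vulnerable
    else
        echo fixed
    fi
}

# audit: read "host|version string" lines on stdin and print every host
# that is not confirmed fixed, with the reason.
audit() {
    while IFS='|' read -r host verstr; do
        [ -n "$host" ] || continue
        state=$(classify "$verstr")
        [ "$state" = fixed ] || printf '%s %s\n' "$host" "$state"
    done
}

# Constructed inventory: made-up hosts and package revisions.
SAMPLE='gw-lab|dnsmasq - 2.80-16.1
ap-attic|Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley
edge-01|dnsmasq-full - 2.78-1
spare|dnsmasq not installed'

run_sample() { printf '%s\n' "$SAMPLE" | audit; }
run_sample
```

Hosts reported as `unknown` had no parseable version and need a manual look rather than being assumed safe.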