Connecticut Office CALL US AT (203)-295-5050 | New York Office (646)-693-1950
Home - Article

Featured Article

October 03, 2017

Alert: Critical Vulnerabilities Found Lurking in Dnsmasq


Apex Technology Services is now warning clients about a critical system vulnerability that was recently discovered in a commonly-used software package.

The security alert applies to Dnsmasq, a service which provides support for DHCP, DNS, network boot and router advertisement services. Dnsmasq is commonly used in Linux systems, as well as IoT devices, hotspots and smartphone connections.

Seven major security flaws have been discovered in Dnsmasq, a few of which could be used to enable data leaks and remote code execution. The vulnerabilities do not impact users running the latest version of Dnsmasq, version 2.78.

Here is a breakdown of each issue:

The vulnerability CVE-2017-14494, can be exploited to work around the address space layout randomization (ALSR) memory protection function — enabling remote attackers to acquire sensitive data.

CVE-2017-14492,  CVE-2017-14493  andCVE-2017-14491 can be classified as remote code execution flaws caused by stack buffer overflow and heap buffer overflow errors.  These vulnerabilities can be used to cause a denial of service (DoS) crash or remote attack.

CVE-2017-14496, CVE-2017-13704 and CVE-2017-14495 can also be used to execute DoS attacks against networks.

Fortunately, fixes are available for all of these bugs. They can be found on the Dnsmasq GitHub project page. A separate patch is also available that provides additional sandboxing for Dnsmasq.

Apex Technology Services is actively monitoring this situation, and will provide further information when it becomes available.

For more information, or to request help in addressing these vulnerabilities, contact Apex Technology services today.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentationwhich pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!