Apex Technology Services is now warning clients about a critical system vulnerability that was recently discovered in a commonly used software package.
The security alert applies to Dnsmasq, a service which provides support for DHCP, DNS, network boot and router advertisement services. Dnsmasq is commonly used in Linux systems, as well as IoT devices, hotspots and smartphone connections.
Seven major security flaws have been discovered in Dnsmasq, a few of which could be used to enable data leaks and remote code execution. The vulnerabilities do not impact users running the latest version of Dnsmasq, version 2.78.
Here is a breakdown of each issue:
CVE-2017-14494 can be exploited to work around the address space layout randomization (ASLR) memory protection function, enabling remote attackers to acquire sensitive data.
CVE-2017-14492, CVE-2017-14493 and CVE-2017-14491 can be classified as remote code execution flaws caused by stack buffer overflow and heap buffer overflow errors. These vulnerabilities can be used to cause a denial of service (DoS) crash or remote attack.
CVE-2017-14496, CVE-2017-13704 and CVE-2017-14495 can also be used to execute DoS attacks against networks.
Fortunately, fixes are available for all of these bugs. They can be found on the Dnsmasq GitHub project page. A separate patch is also available that provides additional sandboxing for Dnsmasq.
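To find hosts still running a release below the unaffected version 2.78, the first line of `dnsmasq --version` output can be triaged as in the following sketch. This is an added example, not part of the original alert or the Dnsmasq project; the function names, status labels, hostnames and banner lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage dnsmasq version banners against release 2.78,
# the version the advisory names as unaffected.
FIXED_MAJOR=2
FIXED_MINOR=78

# classify_banner "<first line of 'dnsmasq --version' output>"
# Prints one of: below-2.78 | 2.78-or-later | prerelease-review | unknown
classify_banner() {
    # Capture major, minor and any suffix glued to the number (rc1, test3).
    ver=$(printf '%s\n' "$1" | sed -n \
        's/.*[Vv]ersion \([0-9][0-9]*\)\.\([0-9][0-9]*\)\([^ ]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    set -- $ver
    major=$1 minor=$2 suffix=${3:-}
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo below-2.78
    elif [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -eq "$FIXED_MINOR" ] &&
         [ -n "$suffix" ]; then
        # A 2.78 test or release-candidate build is not the final release.
        echo prerelease-review
    else
        echo 2.78-or-later
    fi
}

# triage_inventory: reads "host banner..." lines on stdin, prints host<TAB>status.
triage_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s\t%s\n' "$host" "$(classify_banner "$banner")"
    done
}

# Constructed sample inventory (hostnames and banners are made up).
triage_inventory <<'EOF'
gw-01 Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
ap-07 Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley
lab-3 Dnsmasq version 2.78rc1  Copyright (c) 2000-2017 Simon Kelley
cam-2 BusyBox v1.24.1 multi-call binary
EOF
```

A banner below 2.78 on a distribution package can still carry backported fixes, so confirm those hosts against the vendor's advisory for the CVEs listed above before scheduling an upgrade.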
Apex Technology Services is actively monitoring this situation, and will provide further information when it becomes available.
For more information, or to request help in addressing these vulnerabilities, contact Apex Technology Services today.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.