Threat Watch

Vendors Respond to DNSpooq

In response to the recently disclosed Dnsmasq vulnerabilities, Bleeping Computer has provided a list of vendors and their response to the disclosure. The maintainer of Dnsmasq has also written on the subject and provided thanks to the security researchers who have found the bug and, most importantly, noted that an upgrade to version 2 – which was released on Tuesday – should resolve the vulnerabilities. Other notable vendors such as Cisco, Red Hat, and Canonical (which maintains the Ubuntu Linux distribution) have all offered mitigation advice or the patched update.

ANALYST NOTES

As more vendors will likely respond, it is important to take inventory of external devices that utilize Dnsmasq. Starting with external-facing Linux devices should be a priority as popular server distributions have already offered mitigation advice and patches. While embedded devices may take longer to receive patches, asking vendors to communicate publicly, if the vendor has not already, the potential risks and response the vendor is taking to protect their customers and products should be a high priority as well. As always, investing resources into centralized logging and monitoring will be a crucial resource if mitigations without patching are not enough. It is recommended to read JSOF’s whitepaper to go over the technical details about the traffic seen when the vulnerability is exploited.

References:
https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/