FYSA
Widespread Vuln
DNSpooq bugs let attackers hijack DNS on millions of devices
* Seven Dnsmasq vulnerabilities (collectively called DNSpooq) can be
exploited to launch DNS cache poisoning, RCE, and DoS attacks against millions
of affected devices
* Dnsmasq is used on a variety of IoT devices, this
report<https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/>
lists 40 vendors whose products may be affected
*
https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/
* https://www.jsof-tech.com/disclosures/dnspooq/
*
https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/
*
https://www.techradar.com/news/top-dns-service-may-be-suffering-from-some-serious-security-flaws
* https://www.theregister.com/2021/01/20/dns_cache_poisoning/
DISCLAIMER: This report is provided "as is" for informational purposes only.
The Cybersecurity and Infrastructure Security Agency (CISA) does not provide
any warranties of any kind regarding any information within. CISA does not
endorse any commercial product or service referenced in this advisory or
otherwise.
Theresa A. Masse
Cyber Security Advisor, Region X (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671 Email:
theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
[cid:image001.png@01D6EF1D.E45D0600]