an analysis of the significant conditions that must exist for a vulnerable installation to be exploitable,.
Given Dnsmasq's ubiquity and the well-known difficulty in patching embedded systems, this post covers: This estimate does not include hosts running Dnsmasq that aren't exposed to the public internet.
These hosts, under the circumstances explained in this post, are potentially vulnerable to all or some of these vulnerabilities. Updated on October 10, 2017, 7:30 PM PDT to add further Trend Micro solutions.ĭnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options.īased on Censys and Shodan data, we found that about one million publicly accessible hosts are running a Linux distribution that likely includes Dnsmasq, and are exposing a DNS service (port 53) on the public internet.