dnsmasq vulnerabilities

[Marc66]

Any chance this could be updated in 380.68?

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html?m=1

 

[gLWxSJeSsEA]

+1

looks like the current 380.68_2 build is using dnsmasq 2.76

 

[mstombs]

But alpha 382 already using version 2.78 so it will come, looks to be LAN side only so not big issue IMHO...

 

[ColinTaylor]

But alpha 382 already using version 2.78 so it will come, looks to be LAN side only so not big issue IMHO...

Indeed. dnsmasq is not exposed to the internet so the hacker would need to already be connected to your LAN. In such a situation you've probably got bigger problems! It would be more of a concern where the router is used in a public environment, like a cyber café.

 

[RMerlin]

Indeed. dnsmasq is not exposed to the internet so the hacker would need to already be connected to your LAN. In such a situation you've probably got bigger problems! It would be more of a concern where the router is used in a public environment, like a cyber café.

I'll take a look at it this week to see if anything is affecting 380.68.


Sent from my P027 using Tapatalk

 

[melevittfl]

Indeed. dnsmasq is not exposed to the internet so the hacker would need to already be connected to your LAN. In such a situation you've probably got bigger problems! It would be more of a concern where the router is used in a public environment, like a cyber café.

Not true. If an attacker can get someone browse to a domain they control, they can cause the browser to do DNS lookups.

 

[Nullity]

Not true. If an attacker can get someone browse to a domain they control, they can cause the browser to do DNS lookups.

That seems to be right: https://twitter.com/SimonRKelley/status/914918747978305537

 

[mstombs]

I'll take a look at it this week to see if anything is affecting 380.68.

Many thanks

380.68_4 (4-Oct-2017)
- CHANGED: Updated dnsmasq to 2.78 (contains a number of security fixes).