Six vulnerabilities have been found in the Dnsmasq package, which combines a caching DNS resolver, a DHCP server, an IPv6 route advertisement service, and a network boot system. The vulnerabilities allow code execution as root, domain redirection, disclosure of process memory, and service crashes. The issues are fixed in dnsmasq 2.92rel2. The fixes are also available as patches.
Issues identified:
- CVE-2026-4892 is a buffer overflow in the DHCPv6 implementation that allows an attacker with access to the local network to execute code with root privileges by sending a specially crafted DHCPv6 packet. The overflow occurs because the DHCPv6 CLID is written to a buffer without accounting for the fact that the packet's data is stored in hexadecimal notation, which uses three "%x" bytes for each byte of the actual CLID (for example, storing a 1000-byte CLID can result in 3000 bytes being written).
- CVE-2026-2291 - A buffer overflow in the extract_name() function allows an attacker to insert forged records into the DNS cache and redirect a domain to a different IP address. The overflow was caused by allocating a buffer without accounting for the escaping of certain characters in dnsmasq's internal representation of domain names.
- CVE-2026-4893 is an information leak that allows DNS validation to be bypassed by sending a specially crafted DNS packet containing client subnet information (RFC 7871). The vulnerability can be used to alter DNS responses and redirect users to the attacker's domain. It is caused by passing the length of the OPT record to the check_source() function instead of the length of the packet, so the function always returns a successful validation result.
- CVE-2026-4891 - An out-of-bounds read in DNSSEC validation leads to a memory leak when processing a specially crafted DNS query.
- CVE-2026-4890 - A loop in DNSSEC validation can cause a denial of service via a specially crafted DNS packet.
- CVE-2026-5172 - An out-of-bounds read in the extract_addresses() function leads to a crash when processing specially crafted DNS responses.
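The sizing rule behind the CVE-2026-4892 item, as an added example that is not dnsmasq's code: a bounded hex formatter that checks the destination against the expanded length rather than the raw CLID length. The function names and the "two hex digits plus a ':' separator" layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Buffer size needed to render n raw bytes as "xx:xx:...:xx" plus NUL.
   Assumed layout: 2 hex digits + 1 separator = 3 chars per byte, with the
   last separator slot holding the terminator. */
size_t clid_hex_size(size_t n)
{
    return n == 0 ? 1 : n * 3;
}

/* Hypothetical hardened formatter: the size check uses the expanded text
   length, not the raw CLID length. Returns the number of characters
   written (excluding NUL), or -1 when the destination is too small. */
int clid_to_hex(const unsigned char *clid, size_t clid_len,
                char *out, size_t out_size)
{
    size_t i, pos = 0;

    if (clid_len > (size_t)(INT_MAX / 3))    /* keep n * 3 and the result in range */
        return -1;
    if (out_size < clid_hex_size(clid_len))  /* the check a raw-length test misses */
        return -1;

    for (i = 0; i < clid_len; i++)
        pos += (size_t)snprintf(out + pos, out_size - pos, "%s%.2x",
                                i ? ":" : "", (unsigned)clid[i]);
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    unsigned char clid[1000];   /* constructed sample: 1000-byte client ID */
    char raw_sized[1024];       /* sized for the raw bytes only */
    char hex_sized[3000];       /* sized for the expanded form */

    memset(clid, 0xab, sizeof clid);
    printf("needed: %zu\n", clid_hex_size(sizeof clid));
    printf("raw-sized buffer: %d\n",
           clid_to_hex(clid, sizeof clid, raw_sized, sizeof raw_sized));
    printf("hex-sized buffer: %d\n",
           clid_to_hex(clid, sizeof clid, hex_sized, sizeof hex_sized));
    return 0;
}
```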
The status of the fixes in distributions can be tracked on the following pages (if a page is unavailable, the distribution's developers have not yet started looking into the issue): Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch, Fedora, OpenWRT, and FreeBSD. The Dnsmasq project is used in the Android platform and in specialized distributions such as OpenWrt and DD-WRT, as well as in the firmware of wireless routers from many manufacturers. In general-purpose distributions, Dnsmasq may be installed when libvirt is used, to provide DNS service in virtual machines, or enabled in the NetworkManager configurator.
Source: opennet.ru
