Critical Cache Poisoning Vulnerability in Dnsmasq
5 days ago
- #Vulnerability
- #DNS
- #Security
- Critical cache poisoning vulnerability in Dnsmasq allows attackers to inject malicious DNS records.
- Vulnerability named SHAR Attack (Single-character Hijack via ASCII Resolver-silence) affects all Dnsmasq versions.
- Attackers can brute-force TxID and source port within an extended attack window with a high success rate.
- Upstream recursive resolvers silently discard malformed queries, creating a large attack window.
- The attack undermines the DNS security assumption that resolver silence is benign.
- Suggested mitigations include detection mechanisms for upstream resolver silence and rate limiting.
- The vulnerability amplifies known cache poisoning attacks such as SAD DNS and TuDoor.
- Proof of Concept demonstrated reliable poisoning of Dnsmasq caches in all trials.
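
The mitigation bullet above (detecting upstream resolver silence and rate limiting) can be sketched as a monitor over forwarder events. This is an added example, not Dnsmasq code or part of the original summary; the event format, the thresholds, and all names are assumptions.

```python
from dataclasses import dataclass, field

SILENCE_MS = 2000      # assumed: a healthy upstream answers well within this
MISMATCH_LIMIT = 20    # assumed: wrong-TxID/port replies tolerated per query

@dataclass
class Pending:
    name: str
    txid: int
    sport: int
    sent_at: int
    mismatches: int = 0
    alerts: set = field(default_factory=set)

def analyse(events):
    """events: time-ordered tuples (hypothetical format, times in ms)
       ("fwd", t, name, txid, sport)  query forwarded upstream
       ("rsp", t, name, txid, dport)  reply arriving for that name
    Returns a list of (t, name, reason) alerts."""
    pending, alerts = {}, []
    def raise_once(p, t, reason):
        if reason not in p.alerts:
            p.alerts.add(reason)
            alerts.append((t, p.name, reason))
    for kind, t, name, txid, port in events:
        for p in pending.values():           # silence is checked on every event
            if t - p.sent_at > SILENCE_MS:
                raise_once(p, t, "upstream-silence")
        if kind == "fwd":
            pending[name] = Pending(name, txid, port, t)
        elif kind == "rsp" and name in pending:
            p = pending[name]
            if (txid, port) == (p.txid, p.sport):
                if p.mismatches >= MISMATCH_LIMIT:
                    # a "valid" answer after a flood should not be cached
                    raise_once(p, t, "match-after-flood")
                del pending[name]
            else:
                p.mismatches += 1
                if p.mismatches >= MISMATCH_LIMIT:
                    raise_once(p, t, "reply-flood")
    return alerts

# Constructed sample: one normal lookup, then a query the upstream never answers
SAMPLE = [("fwd", 0, "ok.example", 0x1111, 40000),
          ("rsp", 30, "ok.example", 0x1111, 40000),
          ("fwd", 10000, "test.example", 0x2222, 40001)]
SAMPLE += [("rsp", 10000 + 100 * i, "test.example", i, 40001) for i in range(1, 26)]
SAMPLE += [("rsp", 12600, "test.example", 0x2222, 40001)]
```

A forwarder applying the same rule inline would stop accepting replies for the pending query once the mismatch limit is hit, rather than only alerting.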