Vulnerabilities in DNS Proxy Dnsmasq
The release of version 2.50 of the lightweight DNS proxy, Dnsmasq, closes two vulnerabilities which could allow an attacker to inject and execute arbitrary code on systems or routers running the service or stage a denial of service. Dnsmasq is used on routers running the router distributions OpenWRT or DD-WRT as it is ideal for providing DNS services for small networks.
However, the holes only occur in an unusual configuration. The administrator has to enable the TFTP service, explicitly using the
--enable-tfp switch. By default, this service is not enabled on OpenWRT or DD-WRT routers.