Is this a problem for Mint?
Google security engineers have spotted not one, not two, but seven serious flaws in Dnsmasq, a fairly widely used DNS forwarder and DHCP server.
This open-source program is present in a lot of home routers and certain Internet of Things gadgets, and included in desktop Linux distributions such as Ubuntu and Debian. According to Shodan, there are right now 1,098,179 devices facing the public internet with Dnsmasq services running.
The worst bugs can be exploited over the network to execute malicious code on a vulnerable system and hijack it.
New Dnsmasq exploits found by security engineers
http://www.theregister.co.uk/2017/10/02/dnsmasq_flaws/
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- Pjotr
Re: New Dnsmasq exploits found by security engineers
Security issues are being discovered, and fixed, almost on a daily basis. That's what all those security updates you keep getting are for.... So: *shrug* business as usual.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: New Dnsmasq exploits found by security engineers
Checked your updates? My dns-masq was updated yesterday.
As mentioned this is an ongoing process. It'll never end. There's no OS that will magically make you hack proof, but at least with open source ones they can't hide the bugs forever.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
Re: New Dnsmasq exploits found by security engineers
The dnsmasq version I have installed is 2.75. The version with the patch that fixes this vulnerability is 2.78. How can I manually update dnsmasq to the patched version 2.78? Do I have to wait for the automatic update to occur via the Update Manager? Googling around I do not see a simple way to update dnsmasq from one version to the newest one. Am I missing something? Is this something I should even be concerned about?
Thanks in advance for any advice.
- Pjotr
Re: New Dnsmasq exploits found by security engineers
Brent Rasmussen wrote:
> The dnsmasq version I have installed is 2.75. The version with the patch that fixes this vulnerability is 2.78. How can I manually update dnsmasq to the patched version 2.78? Do I have to wait for the automatic update to occur via the Update Manager? Googling around I do not see a simple way to update dnsmasq from one version to the newest one. Am I missing something? Is this something I should even be concerned about?
> Thanks in advance for any advice.
Note that it's open source, so sometimes the repo maintainers choose to apply only the security fixes to the leaky old version, instead of uploading an entirely new upstream version.
Re: New Dnsmasq exploits found by security engineers
You should not be concerned; assuming you installed the normal updates you are using a patched version already. The 2.78 refers to the upstream ("main") version only. As a matter of regression management distributions don't indiscriminately update to a fully new version automatically, but (when and as long as possible) backport isolated vulnerability fixes to their own version. In the case of Ubuntu 16.04 / Mint 18.x and dnsmasq, the latter is version 2.75, patched for the here referred to vulnerabilities as of version 2.75-1ubuntu0.16.04.3: https://usn.ubuntu.com/usn/usn-3430-1/.
You're fine...
Re: New Dnsmasq exploits found by security engineers
rene wrote:
> You should not be concerned; ......
> You're fine...
Maybe, but I have noticed strange activity lately with dnsmasq listening on port 2995, then possibly related instances of smbd nmbd httpd setting up connections to remote sites. Mint 17.3 here, still supposedly being patched but dnsmasq is back at ver 2.68.
...or is the blue highlighted section a normal happenstance related to mintupdate (and if so what the heck is it doing?)
Re: New Dnsmasq exploits found by security engineers
You appear to be confusing process id's with "ports"; the 2995 that is displayed for dnsmasq is a process id (PID) and has nothing to do with networking. Also, the blue section is not readable.
From the same link as posted above, the Mint 17.3 (i.e., Ubuntu 14.04) version of dnsmasq is updated as to the in this thread mentioned vulnerabilities as of 2.68-1ubuntu0.2; an
apt show dnsmasq
will confirm you being on that version if you are on an updated system. Other than that: as far as I am able to visually decrypt your screenshot you appear to have http(s) processes active; not httpd; smbd and nmbd are both not shown and just a normal part of samba. "La condition humaine" is to distrust that which we don't understand. You should not be concerned, and you're fine.