From: Dave Taht <dave@taht.net>
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss] CERT Vulnerability VU#598349
Date: Tue, 18 Sep 2018 10:30:03 -0700 [thread overview]
Message-ID: <87h8imsoh0.fsf@nemesis.taht.net> (raw)
In-Reply-To: <9f31e843-b8a2-5cbb-8fc8-94b35eb13061@thekelleys.org.uk> (Simon Kelley's message of "Sat, 8 Sep 2018 18:17:51 +0100")
As best as I recall, cerowrt enabled wpad for itself and thus
was immune to this bug.
Still... do upgrade off of cerowrt if you haven't already?
Simon Kelley <simon@thekelleys.org.uk> writes:
> https://www.kb.cert.org/vuls/id/598349
>
> The essence of this is that an attacker can get a DHCP lease whilst
> claiming the name "wpad" and thus insert the name wpad.example.com in
> the local DNS pointing the attacker's machine. The presence of that A
> record allows control of the proxy settings of any browser in the network.
>
> It's already possible to mitigate this: adding
>
> 0.0.0.0 wpad wpad.example.com
> :: wpad.wpad.example.com
>
> to /etc/hosts will generate harmless A and AAAA records which override
> those that may be created by DHCP leases.
>
>
> The currently unreleased 2.80 version of dnsmasq adds the
> dhcp-name-match option, which allows
>
> dhcp-name-match=set:wpad-ignore,wpad
> dhcp-ignore-names=tag:wpad-ignore
>
> Which stops the attack at source.
>
>
> The question is, should the above configuration be "baked in" to the code?
>
>
>
> Cheers,
>
> Simon.
>
>
>
>
>
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
parent reply other threads:[~2018-09-18 17:30 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <9f31e843-b8a2-5cbb-8fc8-94b35eb13061@thekelleys.org.uk>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h8imsoh0.fsf@nemesis.taht.net \
--to=dave@taht.net \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox