Exclusive Patreon Security Story Coverage (Patreon)

This is your exclusive patreon headline story from the ThreatWire studio, I’m Shannon Morse

Third party code libraries were found to be vulnerable to a DNS poisoning flaw, and these libraries are being used in hundreds of products from networking brands like Netgear, Linksys, and more. Embedded Gentoo is also affected along with OpenWRT.

An attacker could send fake IP addresses repeatedly to a device, eventually forcing it to connect to a malicious server in DNS poisoning attacks. DNS is used to translate domains into computer speak IP addresses. DNS poisoning was first discovered back in 2008 by the late Dan Kaminsky (we miss you bro!), and allows for malicious IP addresses to be used when you’re trying to reach a legitimate domain.

According to researchers, at least 200 vendors use one of the vulnerable libraries, which include the uClibc and fork as alternatives to the standard C library. But while these vendors may use the libraries, they may use their own port randomization or means of securing against this type of attack. As such, vendors are currently working to see if their own products are vulnerable.

The issue was disclosed back in January and public disclosure just happened last week. Currently this issue is unpatched so security researchers recommend admins increase network visibility and security in the interim until a patch is released.

I report on cybersecurity news every single week so if you want to hear more, and you want to show your support, check out patreon.com/threatwire. Thanks for listening, I’m Shannon Morse, I’ll see ya next time!

https://arstechnica.com/information-technology/2022/05/gear-from-netgear-linksys-and-200-others-has-unpatched-dns-poisoning-flaw/

https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/

https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/