Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

Enlarge (credit score: Getty Photographs)

{Hardware} and software program makers are scrambling to find out if their wares endure from a crucial vulnerability lately found in third-party code libraries utilized by tons of of distributors, together with Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution.

The flaw makes it potential for hackers with entry to the connection between an affected machine and the Web to poison DNS requests used to translate domains to IP addresses, researchers from safety agency Nozomi Networks stated Monday. By feeding a susceptible machine fraudulent IP addresses repeatedly, the hackers can pressure finish customers to hook up with malicious servers that pose as Google or one other trusted web site.

The vulnerability, which was disclosed to distributors in January and went public on Monday, resides in uClibc and uClibc fork uClibc-ng, each of which give alternate options to the usual C library for embedded Linux. Nozomi stated 200 distributors incorporate not less than one of many libraries into wares that, in line with the uClibc-ng maintainer, embrace the next:

Learn 10 remaining paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *