Vulnerability in 3rd-party libraries can send devices' users to malicious sites. //

The flaw makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses, researchers from security firm Nozomi Networks said Monday. By feeding a vulnerable device fraudulent IP addresses repeatedly, the hackers can force end users to connect to malicious servers that pose as Google or another trusted site.

The vulnerability, which was disclosed to vendors in January and went public on Monday, resides in uClibc and uClibc fork uClibc-ng, both of which provide alternatives to the standard C library for embedded Linux. Nozomi said 200 vendors incorporate at least one of the libraries into wares that, according to the uClibc-ng maintainer, include the following:

Linksys WRT54G - Wireless-G Broadband Router
NetGear WG602 wireless router
Most Axis network cameras
Embedded Gentoo
Buildroot, a configurable means for building busybox/uClibc-based systems
LEAF Bering-uClibc, the successor of the Linux Router Project that supports gateways, routers, and firewalls
Tuxscreen Linux Phone