FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnsmasq -- TFTP server remote code injection vulnerability

Affected packages
dnsmasq < 2.50

Details

VuXML ID: 80aa98e0-97b4-11de-b946-0030843d3802
Discovery: 2009-08-31
Entry: 2009-09-02

Simon Kelley reports:

Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP is enabled.

Fix a problem which allowed a malicious TFTP client to crash dnsmasq.

References

Bugtraq ID: 36120
Bugtraq ID: 36121
CVE Name: CVE-2009-2957
CVE Name: CVE-2009-2958
URL: http://www.coresecurity.com/content/dnsmasq-vulnerabilities
URL: https://rhn.redhat.com/errata/RHSA-2009-1238.html