FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnsmasq -- TFTP server remote code injection vulnerability

Affected packages
dnsmasq < 2.50

Details

VuXML ID 80aa98e0-97b4-11de-b946-0030843d3802
Discovery 2009-08-31
Entry 2009-09-02

Simon Kelley reports:

Fix security problem which allowed any host permitted to do TFTP to possibly compromise dnsmasq by remote buffer overflow when TFTP enabled.

Fix a problem which allowed a malicious TFTP client to crash dnsmasq.

[source]

References

Bugtraq ID 36120
Bugtraq ID 36121
CVE Name CVE-2009-2957
CVE Name CVE-2009-2958
URL http://www.coresecurity.com/content/dnsmasq-vulnerabilities
URL https://rhn.redhat.com/errata/RHSA-2009-1238.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.